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Preface 


This volume contains the proceedings of the two-day departmental seminar organised by the 
Department of Computer Applications (MCA) of Vidya Academy of Science & Technology 
during 22 — 23 November 2019. The seminar was the culmination of a coursework (with 
course code RLMCA 341 Seminar) to be completed by the MCA students of APJ Abdul 
Kalam Technological University during the Fifth Semester of the MCA programme. 

The syllabus of the course RLMCA 341 Seminar specifies the objective of the course as 
follows: “To enable the students to gain knowledge in any of the technically relevant current 
topics on computer science/information technology/research, and acquire the confidence in 
presenting the topic and preparing a report.” 

Again as per the syllabus, as part of the course, “each student is expected to undertake 
a detailed study on a technically relevant current topic in computer science/information 
technology under the supervision of a faculty member, by referring articles published in 
reputed journals/conference proceedings. Each student has to submit a seminar report, 
based on these papers; the report must not be reproduction of any original paper. The 
topic has to be presented taking a duration of 15 — 20 minutes. The report and slides for 
presentation has to be prepared using free typesetting software such as ATEX.” 

In Vidya Academy of Science & Technology, the supervising teachers helped the stu- 
dents to identify the areas in which the students were to work and the teachers provided the 
students with some initial learning materials in the form of papers. After the initial reading 
of these materials, the students were asked to search for additional reading materials them- 
selves. The students were required to study the papers and present a “study report/study 
paper” in a Departmental Seminar. The reports/papers collected in this volume are the 
study papers prepared by the students and presented in the Departmental Seminar. The 
Seminar was organised as a two-day event during 22 — 23 November 2019. 

As part of the learning process, the students were also required to present the paper 
in the IEEE conference paper format. To facilitate this, the students were given a basic 
introduction to the ATX software and the IEEEtran document style. 

In addition to gaining knowledge in any of the technically relevant current topics on com- 
puter science/information technology /research, the course also aimed at giving the students 
a hands on experience in preparing a conference/seminar paper. The expected learning 
outcomes of the course included acquiring a clear knowledge about the following aspects of 
preparing and presenting a high quality research paper: 


e The structure of a research paper 
e The process of literature survey 
e The accurate preparation of bibliography and their citations in the paper 


e The IEEE format for the preparation of conference/journal papers 


e The concepts of “Abstracts”, “Keywords”, and the like 
e The methodology of presenting a multi-author paper in a seminar/conference. 


The articles compiled in this Proceedings are not even moderately edited. The editors 
have only ensured that the basic learning outcomes outlined above have been met. However, 
the editors have tried to ensure that the titles of chapters, sections, etc., the abstract, 
figure and table captions, and the like are as per IEEE guidelines. The references have not 
been checked for accuracy and completion. The papers have not been edited for grammar, 
punctuation, spelling or style. 

The present work is only a record of the activities of the course referred to above and 
it is prepared only for private circulation. To the best of our understanding the authors of 
the papers have given proper attribution to ideas and material presented in the papers. If 
there are no attributions or improper attributions, it was unintentional. Hence the contents 
have not been subjected to plagiarism tests. 

It is believed that the teachers as well the students have greatly enjoyed doing the seminar 
course. There are still much scope for improvement. It is our hope that the future batches 
of students will have a stronger and wider learning experience from similar seminar courses. 


November 2019 Editors 


lFor different models of editing, see, for example “IEEE Editorial Style manual”, [Online] Available: 
https://www.ieee.org/documents/style_manual.pdf (April 2017). 
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Cloud Computing: Trends and Security 


Aashrith N, Akshara P M 
and Sreeraj Jayakumar 
Vidya Academy of Science & Technology 
Thrissur - 680501, India 


Abstract—This paper presents an overview of cloud computing 
trends and its applications, and the challenges, advantages and 
disadvantages of cloud computing technologies such as Edge 
Computing and Fog Computing. the paper also describes the 
online business technology known as E-Commerce. There is 
also a description of the different threats to cloud computing 
and of solutions to these threats using cyber security models. 


Index Terms—Cloud computing, E-commerce, edge computing, 
fog computing, threats, cyber security models. 


I. INTRODUCTION 


LOUD computing refers to applications and services 
that run on a distributed network using virtualized 
resources and accessed by common Internet protocols 
and networking standards. A cloud computing is an online 
type computing using a network of remote servers hosted on 
the internet to store, manage and process data rather than a 
local server or a personal computer. Cloud computing is one 
of the emerging technologies in this era. As cloud computing 
evolves, there also arises a set of security issues. To overcome 
these issues some measures and cyber securities has been 
developed which ensures the strength of the cloud computing. 
This paper introduces the concept of cloud computing by 
discussing various aspects of its developments and security 
measures. Cloud computing technology effects on different 
sectors including : 


e E-Commerce: It offers online services which help 
buying and selling of products easily, with less cost and 
more efficiency. 

e Edge Computing: It brings computing closer to the 
source of the data, this helps to minimise the need for 
long distance communication between a client and server. 

e Fog Computing: It helps to extend the concept of cloud 
computing to network edge and makes it ideal for IoT and 
other applications that requires real time interactions. 


II. CLOUD COMPUTING IN THE E-COMMERCE WORLD 
A. Cloud Computing And E-Commerce 


Cloud computing is one of the best emerging technology in 
this era. It is the online practice of using network of remote 
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servers hosted on the internet for storing, managing and pro- 
cessing data on demand and have to pay as per use. The cloud 
computing providers provides online business applications 
which were then accessed by the users through web browsers. 
Cloud computing provides access to shared resources rather 
than local servers or personal computers. Each individuals and 
organizations have started using cloud computing as their main 
domain. As cloud computing evolves many security issues also 
arises and to refrain this, some security measures has been 
developed which ensures the strength of the cloud computing. 
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Fig. 1. Cloud Computing 


E-Commerce (Electronic Commerce) came into existence 
since the late 1970’s. Many E-Commerce enterprises move 
to cloud computing because cloud computing provides online 
services in higher efficiency and lower costs and enables 
faster deployments which helps IT and business leaders to 
evaluate new opportunities without large investments. Cloud 
computing helps e-commerce companies to eliminate the need 
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for purchasing hardware and software and enables to rent the 
applications and hardware. E-commerce provides a flexible 
platform for business to sell products online without having 
to physically rent an office. E-Commerce can be categorized 
as follows: 


e B2C E-Commerce 
Business to Consumer E-Commerce: Enterprises can sell 
to the consumers directly. 

e C2B E-Commerce 
Consumer to Business E-Commerce: Consumers can sell 
products to the enterprises. 

e B2B E-Commerce 
Business to Business E-Commerce: E-Transactions be- 
tween enterprises. 

e C2C E-Commerce 
Consumer to Consumer E-Commerce: E-Transactions 
between consumers themselves. 


B. Applications of E-Commerce 


e Online marketing and purchasing 
e Retail and wholesale 

e Finance 

e Manufacturing 

e Online Auction 

e E-Banking 

e Online publishing 

e Online booking (tickets, seats. etc) 


C. E-Commerce Cloud Challenges 


The following are the main list of challenges that are needed 
to be considered : 


1) Security: Security is one of the major issues of cloud 
when the data is created and processed.It is very difficult 
to deal with the problems to protect data and programs 
from attacks. It is even possible for an intruder to 
interrupt a connection between e-commerce enterprises 
and their customers and during the processing, data can 
be modified,accessed,exposed or even can be destroyed 
while in transit. 

2) Data Privacy: Inorder to ensure the data pri- 
vacy in cloud; additional security methods such as 
VLANs, private encryption,firewalls, and local storage of 
sensitive data is necessary. 

3) Data Storage: In Cloud computing,storing of large 
data are possible but they may only have low bandwidth 
connection.High speed local storage in the cloud tends to 
be more expensive. 

4) Service Quality: QoS(Quality of Service) is very 
important in cloud computing. QoS guarantee secu- 
rity,availability,performance,dependability and reliability 
for the services performed between end users and cloud. 

5) Reputation: Clouds often have higher reliability than 
private systems.The reputation for cloud computing ser- 
vices for the quality of services are shared by tenants.An 
outrage of cloud provider impacts individuals. 


6) Connectivity: To access resources,the end-user must be 
connected to Internet.If the network connections are not 
reliable then they become problematic for the users to 
access information. 

7) Service standard issues: Cloud service providers do 
not make available the details about infrastructure and 
services of cloud.The technology used,information on 
locationsmode of operations are not communicated to 
the clients.Clients who wishes to use such services of 
cloud may be hesitant to do so without knowing this 
information. 


D. Advantages and Disadvantages of Cloud Computing on E- 
Commerce 


See Table I for a description of the advantages and disad- 
vantages of cloud computing on E-Commerce. 


TABLE I 
ADVANTAGES AND DISADVANTAGES OF CLOUD COMPUTING ON 
E-COMMERCE 


Advantages Disadvantages 


Helps increase profit Unpredicted costs 


It’s virtual. It can be secured easily 


Affordable, Flexible & Scalable 


Internet Connectivity and Security 


Technical issues. 


Helps to increase the ease of shop- 


pine for customers Contracts and Lock-Ins. 


Helps organizations do business 
seven days a week & 24 hours a 
day 


Control & Reliability 


III. CLOUD COMPUTING IN THE E-COMMERCE WORLD 


A. Edge Computing 


Edge computing in IT is a paradigm to support the colossal 
growth of Internet of Things (IoT) and to alleviate the burden 
of the cloud computing technology caused as a result. Basi- 
cally edge computing has the potential to handle the concerns 
of battery life, latency, bandwidth, data safety and also privacy 
concerns. 

Cloud computing has been dominating the technological 
era ever since the internet was made public. This was made 
possible due to the exceptional capability of the technology 
that reside at the cloud that made people depend more on 
processing power at the cloud rather than to rely on the devices 
at the edge. However due to the vast number of devices 
joining the IoT and explosive increase in the production of 
data it is becoming difficult to transact data to the cloud. 
Edge computing was established to solve the above problem. 
As the technology is becoming more advanced the devices are 
becoming capable of handling efficient processing powers than 
it used to, hence making it possible to process the data at the 
edge of the network rather than sending it to the cloud server. 
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TABLE II 
ADVANTAGES AND DISADVANTAGES OF EDGE COMPUTING 


Advantages 


Disadvantages 


Fast response due to computa- 
tion being near the edge 


Data Producer 


Edge computing processes and 
analyses only a subset of data, 
discarding raw and incomplete 


Result I [i 


Data Request 


Computing offload 
Data caching/storage 
Data processing 
Request distribution 
Service delivery 

loT management 
Privacy protection 
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Fig. 3. Edge Computing 


1) Applications of Edge Computing: 

e Cloud Offloading 

e Video Analysis 

e Smart Home 

e Smart City 

e Edge for Association 

2) Advantages and Disadvantages of Edge Computing: See 

Table II for a description of the advantages and disadvantages 
of edge computing. 

3) Challenges and Opportunities of Edge Computing: 

e Programmability: In cloud users write their code and is 
then deployed on cloud, the cloud provider decides where 
to run the program hence the users have no knowledge of 
how the applications are executed. This is an advantage 
of cloud computing. But in edge computing the works are 


data 


Low energy consumption 
(roughly reduced to 30-40%) 


Due to the IoT the opportunities 
of attacks are highly likely 


Needs advanced software and 


Better privacy and Security hardware locally 


Lowered cost due to reduced 
bandwidth usage 


Potential Loss or Corruption of 
data 


offloaded and edge nodes are a combination of different 
platforms. This makes it difficult for programmers to 
write and deploy code at the edge. 

Identification: In edge commuting the number of de- 
vices is diverse and ever growing. Hence the naming 
scheme is very important in edge computing so that 
each device can be identified specifically. However, an 
efficient naming mechanism hasnt been created for edge 
computing. 

Data Pre-processing: In cloud computing paradigm 
data abstraction is well researched and defined. But in 
edge computing this issue is very challenging. In case 
of a smart home most of the data sensed are reported 
periodically. For example, a thermometer that can sense 
every minute but this data is only used very few times a 
day. Based on this most of the generated data are being 
wasted, hence the captured data should be properly pre- 
processed to get the necessary. 

Service management: There are four fundamental fea- 
tures in service management 


— Differentiation 
— Extensibility 
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— Isolation 
— Reliability 
e Privacy and security: In edge computing usage privacy 

and security protection are the most important services to 
be provided. Privacy information are learned from sensed 
data. For example, like reading the electricity and water 
usage one can determine data whether a house is vacant 
or not. To protect data security and privacy there are some 
challenges to face. 


B. Fog Computing 


The Fog Computing paradigm extends the cloud computing 
and services to the edge of the network. Basically, it is the 
cloud that is accessible on the ground. Just like the cloud it 
provides data, computation, storage, and also other application 
services to the edge of the network by placing a device called 
Fog Device near It. A fog device or a fog node can be placed 
anywhere with a network connection like: on a factory floor, 
on top of a power pole, alongside a railway track, in a vehicle, 
or on an oil rig etc. 

In January 2014 CISCO revealed their own fog computing 
vision designed to provide tons application on billions of 
connected devices in the internet of things. It was made possi- 
ble by Ciscos 10x framework of networked devices including 
routers, switches, and IP video camera. In fog computing the 
services are hosted near the edge of network using small data 
centers, set-top boxes or access points. 


BY 


Pt FOG 


Fig. 4. Fog Computing 


For many years, cloud computing has been the pillar for 
processing and storing large amounts of data generated by 
IoT. By implementing the pay as you go cloud model it 
became an efficient way to store and manage data than owning 
and managing private data centers .Cloud computing frees 
enterprises from shackles known as storage limit, computation 
limitation and also from network communication cost. This 
becomes a problem because of the explosive development 
of IoT, the data generated at high speeds and high latency 
hinders the cloud service usage. Fog computing paradigm was 
introduced as a way to minimize latency by bringing the part 
of cloud to the ground. 

1) Cloud vs Fog: Key Differences: See Table IM for a 
list of the key differences between cloud computing and fog 
computing. 

2) Applications of Fog Computing: 

e Smart Street 

e Smart Grid 


TABLE III 
CLOUD VS. FoG 


Cloud Computing 


Fog Computing 


Data are processed in a central- 
ized cloud server, Which takes 
a lot of time to upload and 
download data 


Fog operates on the edge of 
network , hence needs less time 


Bandwidth problem caused by 
sending every bit of data to the 
server 


Less Bandwidth demand as ev- 
ery bit of data is aggregated at 
particular points in the network 


Slow response time and scala- 
bility due to the servers being 
located at remote places 


By setting small edge servers 
near the user, it is possible for 
fog to reduce response time 
considerably and solves scala- 
bility issues 


e Augmented Reality (AR) 

e Smart City 

3) Advantages and Disadvantages of Fog Computing: See 
Table IV for a list of the advantages and disadvantages of fog 
computiong. 


TABLE IV 
ADVANTAGES AND DISADVANTAGES OF FOG COMPUTING 


Advantages 


Disadvantages 


Provides security against mas- 
querade activity 


Attacker cant be identified 


Provides high level of scalabil- 
ity, reliability and fault toler- 
ance 


We cannot identify who is being 
attacked 


Reduction in data movement 
decreases congestion , cost and 
latency 


We can’t tell which file was 
being hacked 


High security due to the en- 
crypted data being in network 


High power consumption in fog 
nodes 


core 


Encryption algorithm and secu- 
rity policies difficulties to de- 
vices to share data 


Fog devices are mobile in na- 
ture. It can leave or join groups 


Fog nodes can withstand harsh 
environmental conditions in 
places such as tracks, vehicles, 
undersea, factory etc. 


To achieve high data consis- 
tency is very challenging 


4) Challenges of Fog Computing: 

e Synchronisation Applications: Applications that re- 
quires synchronisation and discovery will need an effec- 
tive centralized point for continuous data movement. 

e Management: Hosting several billions of devices that 
relies on decentralized management is very difficult to 
achieve. Even now there is no effective mechanism that 
was tested in works in these scenarios. 

e Storage/storage Limitation: Due to the colossal de- 
velopment of IoT devices the data being generated is in 
vast quantities, hence need more powerful computational 
hardware and storage devices . 

e Security Concerns: The same security problems that af- 
fect the virtualized environments can be seen to affect fog 
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devices hosting applications. Presence of the sandboxes 
for the execution of droplet applications poses privacy 
and trust issues to fog applications. 

e Standardisation: Currently there is no available stan- 
dardisation for computing. So, any member of the net- 
work can announce their availability to host other soft- 
ware and sent it to be run. 


IV. SECURITY CONCERNS ON CLOUD COMPUTING 
A. Threats faced by Cloud Computing 


Cloud Computing has been following the trend as of now. 
The number of consumers of Cloud Computing is being 
increased to multiples day by day. It provides many function- 
alities like remote access, mobility, and cost efficiency. It also 
provides many advantages such as speed and efficiency. But 
on the other hand, like any other technology that face more 
threats as they grow up, Cloud Computing too follow this. 

Information systems are today used everywhere by individ- 
uals or organizations and systems are target to information 
security attacks, these attacks could be from hackers, viruses 
or internal employees and it is very clear now that this would 
lead to lose a large amount of money, time and other resources. 
Some of the common attacks are mentioned below : 

e Denial of service (DoS): Flood attacks occur when the 
system receives too much traffic for the server to buffer, 
causing them to slow down and eventually stop. DoS 
attacks accomplish this by flooding the target with traffic, 
or sending it information that triggers a crash. 

e Flooding attacks: A type of Denial of Service Attack 
which uses the idea of overloading server hosting ser- 
vices by forwarding a large number of requests for data 
processing. 

e Data loss or leakage: User’s data is always stored in 
a remote area. There can be chances of the data loss or 
leakage. This loss may be because of operational failures 
due to insufficient authentication or authorization. 

e Insider Threat: Attacks that comes from inside an orga- 
nization itself, by means of people within an organization, 
such as formal employees or so, who have the information 
about organizations security practices. 

e Heinous use of Cloud Computing: Cloud computing 
does not provide a secure registration system with which 
spammers or malicious code authors or other cyber crim- 
inals try to attack the details such as the information on 
Credit Card Details. 

e Computer Viruses: Computer software programs that 
behaves like any other computer applications and partic- 
ipate in damaging the computer hardware, software or 
data. This may modify, delete, or corrupt data without 
any authorization. 

e Spywares: Unknowingly installed programs on a com- 
puter with willingness of user; mainly free software that 
comes along with installation of other programs; that try 


malicious websites that ask to login for sensitive details. 
Spams are known as electronic junks. Many customers 
tend to fall in these traps. 

e Human Errors: Through 2020, 95% of cloud security 
failures will be the customers fault.; said Jay Heiser, 
Research Vice President at Gartner. Customers may be 
amateurs in computing field which lead to poor usage of 
Cloud Computing. 

Other classifications of threats include: 
e Those originating from the virtual machines 
— Monitoring Virtual Machines from other Virtual Ma- 
chines 
— Virtual Machine Mobility 
— Communication between Virtual Machines 
e Those originating from the host 
— Monitoring Virtual Machines from host 
Virtual Machine Mobility 
— Communication between Virtual Machine and host 
Placement of malicious VM images on physical 
systems. 


B. Cyber Security on Cloud Computing 


The usage of technologies, processes, and practices, that are 
designed to protect networks, devices, programs, and data from 
attack, damage, or unauthorized access is termed as Cyber 
security. Cyber security can be clubbed with Cloud Computing 
to ensure the integrity of data of the users and the companies 
that contract the services. 

Some basic measures that Cyber Security offers are secure 
navigation, verification of accessing person, firewalls, encryp- 
tion etc.; but these are not just enough. Organizations should 
spend a large investment in evaluating security technologies. 
One good routine is to have good concentration on Risk 
Estimation. 

1) Risk Estimation: A risk is defined as The probability 
of cause of a problem when a threat was triggered by vul- 
nerabilities. According to Tsiakis, 2010; Foroughi, 2008, the 
loss (or damage) of assets in an organization due to the cyber 
security incidents is measured by considering assets, threats, 
and vulnerability and so, the risk of an information systems 
asset could be determined by the following formula: 


Risk = Threat * Vulnerability * Impact 


There are different risk estimation measures. These can be 
either quantitative or qualitative. These can be used to get an 
idea on what portion of data is under risk if a cyber-attack 
takes place. Some common risk estimation measures include 
the following: 

e Single Loss Expectancy (SLE) 

e Annual Loss Expectancy (ALE) 

e Operationally Critical Threat, Asset, and Vulnerability 

Evaluation (OCTAVE) 


to collect passwords and other sensitive data. e CCTA Risk Analysis and Management Method 
e Scams and Spams: Both of these categories may be (CRAMM) 
identified as threats. Scams are emails that are sent from e Mean Failure-Cost (MFC) 
Aashrith N et al., “Cloud Computing: Trends and Security” 5 
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Among these CRAMM, OCTAVE are qualitative measures that 
are simple frameworks for assessing risk information. SLE and 
ALE are quantitative measures. MFC on one hand provides 
many advantages as well. 

2) Mean Failure-Cost (MFC): In BenAissa et al. (2010) 
introduce the concept of mean failure cost as a measure of 
dependability in general, and a measure of cyber security in 
particular. We use the following matrices to calculate the MFC. 
These are the following : 

e The Stakes Matrix 

e The Dependency Matrix 

e The Impact Matrix 
Depending on these matrices and the attributes used, values are 
calculated and finding the dot product of each of the resultant 
matrix, we calculate the MFC. 

3) Principles of Security Information: This paper describes 
three Principles that are based on Security Information that 
should be followed, which are important pillars of Cloud 
Security. These are : 

e Availability: Availability refers to the subscribers ability 

to retrieve his/ her information when he/she needs it. 

e Integrity: Integrity refers to the assurances offered to 
subscribers that their data is not lost or damaged as a 
result of malicious or inadvertent activity. 

e Confidentiality: Confidentiality refers to the assurances 
offered by subscribers that their data is protected from 
unauthorized access. 


V. CONCLUSION 


Cloud computing is an emerging computing paradigm that 
offers end users the benefit of virtually unlimited computing 
resources, the convenience of professional system operation 
and maintenance, and the economy of on-demand billing. It 
provides a lot of features like that it is applied in different 
fields like e-Commerce and so. There are different layers of 
Cloud Computing; Edge Computing and Fog Computing does 
provide a variety of applications such as Smart City etc. This 
proves the use of Cloud Computing is becoming a trend in a 
lot of areas. 

Like mentioned, Cloud Computing faces a lot of threats and 
challenges and overcoming these is a big task for the cloud 


vendors to promote the business for them. Cloud provides a 
set of security standards using Cyber Security models with 
which it can stand out from these threats, securing user data by 
bringing the basic fundamentals of security such as Availabil- 
ity, Integrity and Confidentiality. The Cloud Computing trend 
moves in a fast pace. It gets to higher steps of application 
levels. 
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Abstract—Mobile ad hoc network (MANET) is a kind of mobile 
multi-hop network which can transmit data through intermediate 
nodes. It has been widely used and become important since the 
growing of the market of Internet of Things (IoT). However, the 
transmissions on MANET are vulnerable, it usually suffered with 
many internal or external attacks, and the research on security 
topics of MANET are becoming more and more hot recently. 
Blackhole Attack and Wormhole Attack are some of the most 
famous attacks to MANET. In this paper, we focus on the network 
routing threats and attacks in MANET. 


Index Terms—AODV, blackhole attack, MANET, network 
security, RREP, RREQ, wormhole attack. 


I. INTRODUCTION 


mobile nodes which helps centralized management 

of devices. MANET is dynamic decentralized, and 
infrastructure less network used in various application for 
academics, disaster management, health, defense etc. The vast 
amount of equipment and data can be targeted or exploited by 
attackers. The main features of MANET includes frequent bat- 
tery power, limited bandwidth, computing power and battery 
power etc. there are two types of routing protocols re there: 
active routing protocols, reactive routing protocols and hybrid 
routing protocols. Active routing protocols are also known as 
table driven protocols, which periodically exchange the routing 
information in order to maintain the correct information. Com- 
mon active routing protocols are optimized Link State Routing 
Protocol (OLSR) and Destination Ordinal Distance Vector 
Routing (DSDV). Reactive routing protocols such as Ad- 
Hoc On-Demand Distance Vector Routing Protocol (AODV) 
and Dynamic Source Routing Protocol (DSR) are called On 
Demand Routing Protocols and establish routing when two 
nodes need to transmit data. Hybrid routing protocols are 
combination of reactive and proactive routing protocols.Hybrid 
Routing Protocol (HRP) is a network routing protocol that 
combines Distance Vector Routing Protocol (DVRP) and Link 
State Routing Protocol (LSRP) features. HRP is used to deter- 
mine optimal network destination routes and report network 
topology data modifications. 


A Mobile Ad Hoc Network (MANET) is a group of 
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Fig. 1: Mobile connection in MANET 


II. NETWORK ROUTING THREATS 


MANET security is an important factor affecting the basic 
functions of the network. The fundamental dangers to a system 
are as per the following: 


A. Secrecy 


The essential classification danger with regards to directing 
conventions is to the security of steering data itself, which 
prompts to an optional protection risk to data, for example, 
system topology, topological area and so forth. 


B. Honesty 


The trustworthiness of a system relies on upon all hubs 
in the system taking after right directing techniques so that 
each hub has remedy steering data.Subsequently dangers to 
uprightness are those which either present mistaken directing 
data or modify existing data. 


C. Approval 


An unapproved hub is one which is not permitted to have 
admittance to directing data, and is not approved to take 
an interest in the impromptu steering convention.There is 
no supposition that there is no supposition that there is an 
unequivocal and formal convention, basically a theoretical idea 
of authorization. 
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D. Trustworthiness and Reliability 


One of the most widely recognized applications for specially 
appointed systems is in crisis circumstances when the utiliza- 
tion of wired foundation is infeasible. Thus, steering must be 
solid, and crisis system must be required. 


III. ATTACKS IN AD HOC NETWORK 


MANET is most vulnerable to attacks than fixed networks 
because of its dynamic topology, open media, lack of cen- 
tralized monitoring and management. The AODV protocol 
assumes that all nodes are trustworthy and lacks security 
considerations, which leads to the vulnerability being exploited 
frequently by intruders. Blackholes, wormholes and DDOS are 
the most famous attacks in MANET. 


A. Blackhole attacks 


In black hole attack, a malicious node uses its routing 
protocol in order to publicize itself for having the shortest 
route to the destination node. The black hole attack is one 
of the well-known security threats in wireless mobile ad hoc 
networks. The intruders utilize the loophole to carry out their 
malicious behaviors because the route discovery process is 
necessary and inevitable. 

Blackhole attack have the most serious impact on network 
performance. Upon receiving the RREQ, the blackhole node 
immediately sends a malicious RREP that sets the destination 
node serial number to a maximum and sets the number of hops 
to a minimum, thus claiming to have the latest and shortest 
path to the destination node. The originating node discards 
all other RREP responses and begins sending packets to the 
malicious node. Therefore, all packets sends to the blackhole 
node will be absorbed by it without forwarding the packet 
to the destination node, which act as the blackhole in the 
network.A black hole problem means that one malicious node 
utilizes the routing protocol to claim itself of being the shortest 
path to the destination node, but drops the routing packets but 
does not forward packets to its neighbors. A single black hole 
attack is easily happened in the mobile ad hoc networks. 

In order to succeed in the attack, the node must create a 
route reply message with a sequence number larger than the 
current sequence number to absorb all the packets and then 
discards them.Black hole attacks can be classified based on 
the way of the attack perform into two main types: Simple 
or Single Black Hole Attack, and Collaborative Black Hole 
Attack, in which, two or more nodes collaborate, to manipulate 
the routing information to hide from the detection mechanisms 
or to form a team that prevents the data from reaching a 
specific node, and its much more dangerous than the first type 
because it is hard to detect and easy to be performed. where 
one malicious node sends the data to another malicious node 
that, in turn, swallows the data packets without forwarding 
those. Black hole attack degrades the network performance, 
causing a low packet delivery ratio, less throughput, and 
disturbing the route discovery process 


Fig. 2: Scenario of Blackhole attack 


B. Wormhole attacks 


Wormhole Attack is a very dangerous attack in the Mobile 
Adhoc Network. In these networks, few nodes make a tunnel 
together by a high quality wireless link or a logical link. In 
wormhole attack, the traffic is enter from one end, moves 
through the tunnel and exit from another end. When the 
attacker attacks on the message, it copies the packet to other 
attacker through tunnel and then the attacker replays the 
message in the network. 

Wormhole attack is a grave attack in which two attackers 
locate themselves strategically in the network. Then the attack- 
ers keep on listening to the network, and record the wireless 
information. In wormhole attacks, the attacker receives packets 
at one point in the network and tunnels them to another 
part of the network and replays them into the network from 
that point onward. In case of reactive protocols like DSR 
and AODV, this attack could be launched by tunneling every 
REQUEST to the target destination node directly. When the 
destination’s neighboring nodes hear this REQUEST packet, 
they follow normal protocol operation to rebroadcast that 
REQUEST packet and then discard any other REQUESTS 
for the same route discovery. Thus, this prevents discovery 
of any routes other than those through the wormhole. This 
puts the attacker in a position from where any attack can be 
launched on the network as it practically controls all the routes 
discovered after the wormhole. 

A wormhole attack is a particularly severe attack on 
MANET routing where two attackers connected by a high- 
speed off-channel link called the wormhole link. The worm- 
hole link can be established by using a network cable and 
any form of wired link technology or a long-range wireless 
transmission in a different band. The end-point of this link 
(wormhole nodes) is equipped with radio transceivers com- 
patible with the ad hoc or sensor network to be attacked. 
Once the wormhole link is established, the adversary record 
the wireless data they overhear, forward it to each other, and 
replays the packets through the wormhole link at the other end 
of the network. Replaying valid network messages at improper 
places, wormhole attackers can make far apart nodes believe 
they are immediate neighbors, and force all communications 
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Fig. 3: Scenario of Wormhole attack 


between affected nodes to go though them. 

1) Introduction to wormhole attack: Wormhole attack 
makes a channel. The channel records traffic statistics at one 
network position. In wormhole attack, the attacker receives 
packets at one point in the network, tunnels the packet to 
other part of network and reply them into the network from 
start point onwards. In wormhole attack, they put themselves 
in the powerful strategic position in the network. They utilize 
their location, that is, they have the shortest path among the 
network. 

They publicize their route to other node in network to 
announce that they have shortest route for transfer the infor- 
mation. When the attacker node creates a direct link between 
each other in network, then wormhole attacker at one side 
receives the packets and transfer them to other node of the 
network. 

The basic idea that lies behind the wormhole attack is that 
the wormhole malicious nodes pull the traffic by advertising 
short paths, with minimum number of hops. It is therefore 
more likely possible to have those wormhole routes participate 
in routing packets. 

2) flowchart of wormhole detection: A sender need to 
communicate with the receiver in the network. Send a HELLO 
message to all of the neighbors of the sender. Mark the one 
hop route on the route and not on existing route. Now ask 
the entire neighbor except marked node to fine target and 
report number of hops. If numbers of hopes are greater than 
sensitivity parameter then wormhole attack is detected. If not 
then fine next hope sender and find is sender last node before 
destination? If yes then get neighbors and on hop neighbors 
of destination and then ask neighbor to find out indirect route 
to target. Now check if number of hopes are 2 is greater than 
sensitivity parameter or not. If yes then wormhole attack is 
detected, if no then not detected. To prevent this wormhole 
attack we can separate tunnel to send the data packets from 
one mobile node to other. 


IV. ROUTING PROTOCOLS IN ADHOC 


An AdHoc routing protocol is a convention, or standard, 
that controls how nodes decide which way to route packets 
between computing devices in a mobile ad hoc network. 
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Fig. 4: Flow chart of design steps on network model 


As mentioned above the routing protocols are classified into 
Reactive, Proactive and Hybrid routing protocols. 


A. AODV Routing protocol 


The Ad-hoc On-Demand Distance Vector (AODV) routing 
protocol is designed for use in ad-hoc mobile networks. 
AODV is a reactive protocol: the routes are created only when 
they are needed. It uses traditional routing tables, one entry 
per destination, and sequence numbers to determine whether 
routing information is up to- date and to prevent routing 
loops. An important feature of AODV is the maintenance of 
time-based states in each node. Route discovery is based on 
query and reply cycles, and route information is stored in 
all intermediate nodes along the route in the form of route 
table entries. The following control packets are used: routing 
request message (RREQ) is broadcasted by a node requiring 
a route to another node, routing reply message (RREP) is 
unicasted back to the source of RREQ, and route error message 
(RERR) is sent to notify other nodes of the loss of the link. 
HELLO messages are used for detecting and monitoring links 
to neighbors. 


B. Secure cross layer routing protocol 


The CLPC model collects the RSS values from their neigh- 
bors using hello packets and dynamic transmission power 
control mechanism. Every node calculates minimum RSS, 
average RSS and maximum RSS. Source generally selects 
the node with a min distance from it and having maximum 
RSS. Nodes with maximum RSS id considered as most durable 
and reliable. These RSS physical layer are interfaced to the 
network layer by MAC layer. Depending upon the RSS value 
routing decision are made. The timely updated RSS values 
allows the nodes to modify the transmission power at the 
physical layer. 
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V. CONCLUSION 


With the development of the Internet of Things and the 
developing of 5G techniques, high-speed and massive data 
are constantly flowing on the network, and a large number 
of devices are distributed in every corner of the network. 
Network security has become extremely important, but it 
is also facing enormous challenges. In this paper, we take 
project requirements (network security metrics and parameter 
collection) as motivation to study MANET security issues, 
including the features of Blackhole Attack, Wormhole attack 
and the impact on network performance. One can do research 
on using reactive, proactive and hybrid routing protocols on 
the WiMAX based MANET system with various methods of 
wormhole detection and prevention. Instead of UDP protocol 
we can use TCP protocol also to transmit and receive the data 
packets. If one increases the simulation area then relay stations 
may increase so anyone can work on the technique which will 
increase the packet delivery ratio of the system. 

A large number of different kinds of routing protocols 
are practiced in mobile Ad hoc networks. The use of a 
specific routing protocol in mobile Ad hoc network depends 
upon number factors including size of the network, load, 
mobility requirements, routing overhead and end-to-end delay. 
In recent years on-demand routing protocols have attained 
more attention in mobile Ad hoc networks as compared to 
other routing schemes due to their potential flexibility in 
deployment and efficiency in terms throughput. They are 
able to organize themselves dynamically with lower memory 
overhead and lower bandwidth requirement than table driven 
protocols. There exist many on-demand routing protocols for 
mobile Ad hoc networks (MANETS). Most of the protocols, 
however, discover a single route and fail to utilize multiple 


alternate paths. Multipath routing allows the establishment of 
multiple paths between a single source and single destination 
node and in the event the path breaks, an alternate path is used 
instead of initiating a new route discovery. Hence multipath 
routing stands a promising routing method for wireless mobile 
Ad hoc networks. Multipath routing protocols achieve lower 
routing overhead, lower end-to-end delay, more resilient to 
route failures and alleviate congestion in comparison with 
single path routing protocols. 
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Abstract—Cloud computing is taking services (”cloud ser- 
vices”) and moving them outside an organization’s firewall. 
Applications, storage and other services are accessed via the Web. 
The services are delivered and used over the Internet and are 
paid for by the cloud customer on an as-needed or pay-per- 
use business model. As now cloud computing is becoming the 
hotspot in the field of information technology and it is highly 
convenient and strong in data processing. Along with this the 
security challenges and privacy issues are rising day by day. 
Solutions for these issues are discussed. 

Index Terms—Cloud, privacy, security. 


I. INTRODUCTION 


NE of the most widely and commonly used definition 

of cloud computing model is the definition given by 

NIST. NIST defines the model as follows: “Cloud 
computing is a model for enabling convenient, on-demand 
network access to a shared pool of configurable computing 
resources (e.g., networks, servers, storage, applications, and 
services) that can be rapidly provisioned and released with 
minimal management effort or service provider interaction. 
This cloud model promotes availability and is composed of 
five essential characteristics, three delivery models, and four 
deployment models.” 

There are three different service models in cloud computing 
named Software as a Service (SaaS), Infrastructure as a 
Service (IaaS) and Platform as a Service (Paas). Which type 
of cloud is to be implemented is a major decision to be made 
while providing secure cloud computing solutions. There are 
four types of deployment models, namely, Public, Private, 
Community and Hybrid. When the environment becomes as 
dynamic and demanding as cloud computing, network security 
becomes much more difficult to control. Evolution of cloud 
computing is from many different technologies such as vir- 
tualization, grid computing, autonomic-computing, and some 
other technologies. 


II. SECURITY ISSUES AND CHALLENGES 


Security and liability are the main concerns over the Cloud. 
Security issues can be divided into two general classes: 
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security concerns faced by the CSP and security concerns 
faced by their users. Cloud services are often implemented 
with high security technologies. However, there are several 
security issues that risk the user’s utilization of the Cloud. 


1) Confidentiality and Privacy: Privacy can also be de- 
scribed as ”the most sensitive issue, with conceptual, legal, and 
technological implications”. Without privacy, our important 
and sensitive personal data is at risk and our freedom will 
be limited. Confidentiality is the ability for an authorized 
group of users or authorized systems to access protected data. 
The increase in devices’ usage leads to the increase in access 
points; hence the data becomes more exposed and more likely 
to be compromised. 


e Multitenancy 
Multitenancy is an essential Cloud property that enables 
the share of resources such as the memory, application, 
networks and data. The hardware component is shared 
by different users, while the virtual level is isolated for 
every user. 

e Data Confidentiality 
Data confidentiality is an important factor in providing a 
secure system. Access control to the memory, devices, 
and software is one of the huge problems faced by 
CSPs. Therefore, providing a weak non-secure verifica- 
tion system may lead to unauthorized access within Cloud 
services. 

e Application Security 
Software security is another important factor for provid- 
ing a secure system in addition to data confidentiality. 
It relies on trusting the handling of user data through a 
secure method. 

e Privacy 
Privacy is the willingness to control users’ private data 
from being exposed. CSPs are facing a big challenge in 
securing personal data from intruders. Moreover, due to 
multiple locations of data storage across the globe, the 
risk of security breaches increase. 
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2) Integrity: Integrity is a main characteristic of informa- 
tion security by the means that only authorized people can 
maintain resources. 


e Data Integrity 
Data integrity is protecting data from unauthorized access 
and modification. The service provider should ensure that 
personal data are not manipulated in order to achieve a 
high level of confidentiality in data and system integrity. 
Due to the increasing number of users and access points 
required to access those services, authorization becomes 
more vital in securing the Cloud from unauthorized 
access. 

e Software Integrity 
Software integrity is protecting the software from unau- 
thorized access and modification. The software owner or 
administrator is responsible for software integrity, while 
the CSP is responsible for hardware and network integrity 
from unauthorized modification. 


3) Availability: Authorized ability to access a system and 
use it to process multiple operations even with a security 
interruption or a system malfunction. Availability includes the 
availability of data, applications and physical components on 
request. 

4) Identification and Authentication: Considering the type 
of cloud as well as the delivery model in cloud computing, 
the specified users must be granted supplementary access 
priorities and permissions. This process targets at verifying 
and validating cloud users through usernames and passwords 
protections in the cloud profiles. 

5) Authorization: An important information security re- 
quirement in cloud computing is to maintain referential 
integrity and authorization. It controls and privileges over 
process flow within cloud computing. The authorization is 
maintained by the system administrator in the private cloud. 

6) Non-repudiation: Non-repudiation in Cloud computing 
can be obtained by applying the traditional e-commerce se- 
curity protocols and token provisioning to data transmission 
within cloud applications such as digital signatures, times- 
tamps and confirmation receipts services. 


HI. DATA LIFE CYCLE 


The entire process from generation to destruction of the data 
is referred to as Data Life Cycle (see Figure 1). 
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Fig. 1. Data life cycle 


1) Data Generation 
Data generation is involved in the data ownership. In the 
traditional IT environment, usually users or organizations 
own and manage the data. But if data is to be migrated 
into cloud, it should be considered that how to maintain 
the data ownership. 

2) Transfer 
For data transmission across enterprise boundaries, both 
data confidentiality and integrity should be ensured in 
order to prevent data from being tapped and tampered 
with by unauthorized users. In other words, only the data 
encryption is not enough. Data integrity is also needed 
to be ensured. Therefore it should ensure that transport 
protocols provide both confidentiality and integrity. 

3) Use 
For the static data using a simple storage service, such 
as Amazon S3, data encryption is feasible. However, for 
the static data used by cloud-based applications in PaaS 
or SaaS model, data encryption in many cases is not 
feasible. Due to the multi-tenant feature of cloud com- 
puting models, the data being processed by cloudbased 
applications is stored together with the data of other users. 
Unencrypted data in the process is a serious threat to data 
security. 

4) Share 
Data sharing is expanding the use range of the data and 
renders data permissions more complex. The data owners 
can authorize the data access to one party, and in turn the 
party can further share the data to another party without 
the consent of the data owners. Therefore, during data 
sharing, especially when shared with a third party, the 
data owners need to consider whether the third party 
continues to maintain the original protection measures 
and usage restrictions. 

5) Storage 
The data in the cloud may be divided into: (1) The data 
in IaaS environment, such as Amazon’s Simple Storage 
Service; (2) The data in PaaS or SaaS environment related 
to cloudbased applications. The data stored in the cloud 
storages is similar with the ones stored in other places and 
needs to consider three aspects of information security: 
confidentiality, integrity and availability 

6) Archival 
Archiving for data focuses on the storage media, whether 
to provide off-site storage and storage duration. If the data 
is stored on portable media and then the media is out of 
control, the data are likely to take the risk of leakage. 
If the cloud service providers do not provide off-site 
archiving, the availability of the data will be threatened 

7) Destruction 
Due to the physical characteristics of storage medium, the 
data deleted may still exist and can be restored. This may 
result in inadvertently disclose of sensitive information. 
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IV. SECURITY CHALLENGES IN HYBRID CLOUD 


Today, most of the enterprise applications are multi-tiered 
in nature and typically consist of multiple components. Hybrid 
architecture allows the enterprises to place their applications 
partly on premises and partly in the cloud. Since data is the life 
blood of many enterprises, monitoring the access permissions 
and protecting it is very important. Any compromise in the 
data security will not be acceptable and many solutions are 
created to protect such data and information 


A. Reconfiguration Issue 


Many issues are generated due to migration of components 
from the internal cloud to the public cloud. 


1) Component Placement 
Planning which components to migrate to the cloud 
is a complex problem. Today, most of the enterprise 
applications consist of large number of components with 
complex interactions and inter-dependencies. Before mi- 
grating, component’s many factors must be taken into 
account such as enterprise policies, cost savings from 
migration, increased transaction delays, wide area com- 
munication costs that may result from a migration. 

2) Addressing 
Nowadays, most of the enterprises are looking towards 
the cloud for dynamic applications and deployment like 
easily creating a set of virtual machines within the cloud 
to run the application, but there are difficulties when 
trying to link the different application components in and 
out of the cloud. 

3) Firewall 
In order to safeguard the components moved to the 
cloud, it is the responsibility of the enterprise to create 
a firewall within the cloud and at the gateway of its 
own network. While firewalls rules are carefully designed 
reflecting the complex application interdependencies so 
only the application components that need to talk to each 
other are permitted to do so, they pose some limitations 
like exposing security holes at time of misconfiguration, 
vulnerable to dynamic cloud computing environments. 
Due to continuous changing requirements of current 
enterprises firewall does not provide a good solution 
because firewall rules should be modified for each trivial 
update in enterprise. 


B. Shared Technology Issues 


IaaS provider might offer multiple clients partitioned Virtual 
Machine (VM) access to the same physical server. Multitenant 
systems that store multiple clients data in one logical and 
physical database are more prone to this kind of error than 
those that store each tenants data in separate logical databases 
with different schemas for each client. There is a chance of 
accessing data in one VM from another VM on the same 
physical server. 


C. Application Security 


It is the responsibility of the cloud provider to implement 
application security and at the same time enterprises have 
to make sure that their API calls directed towards cloud 
are secure and clean. Denial of Service attack on cloud 
management APIs can be caused by sending poor SOAP or 
REST requests from enterprise. 


V. SECURITY ATTACKS AND THREATS 


As world is moving towards cloud computing in a very high 
rate of speed, the attacks and threats are also rising according 
to that.Some of the attacks faced by cloud is listed below: 


A. Denial of Service Attacks (DoS) 


In DoS attack, an attacker overloads the target cloud system 
with service requests so that it stop responding to any new 
requests and thus resources are made unavailable to its users. 
DoS attacks are of many types: 


1) An attacker can overload the target with large amount 
of junk data that consume the network bandwidth and 
resources. 

2) An attacker can make use of blank space (lacuna) that 
associated with various networking protocol to overload 
target resource. 

3) An attacker can make HTTP request in large amount so 
that it can not be handle by the server. 


B. Cloud Malware Injection Attack 


An attacker trying to inject malicious service or virtual 
machine into the cloud is known as Cloud Malware Injection 
Attack. The main scenario behind the Cloud Malware Injection 
attack is that an attacker transfers a malicious service instance 
into cloud so that it can achieve access to the service requests 
of the victims service. To achieve this, the attacker has to 
derive control over the victims data in the cloud. According 
to classification, this attack is the major representative of 
exploiting the service-to-cloud attack surface. The purpose of 
cloud malware injection attack can be anything in which an 
attacker is interested; it may include data modifications, full 
functionality changes/reverse or blockings. 


C. Side Channel Attack 


An attacker attempts to compromise the cloud system by 
placing a malicious virtual machine in close proximity to a 
target cloud server system and then launching a side chan- 
nel attack. Side-channel attacks have emerged as a kind of 
effective security threat targeting system implementation of 
cryptographic algorithms. Evaluating cryptographic systems 
resilience to side-channel attacks is therefore important for 
secure system design. It can be very easy to gain secret 
information from a device. 
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D. Authentication Attack 


Authentication is a weak point in cloud computing services 
which is frequently exploited by attackers. Today most of 
the services still use simple username and password type of 
knowledge-based authentication, but some exception are finan- 
cial institutions which are using various forms of secondary 
authentication that make it more difficult for popular phishing 
attacks. Some authentication attacks are: 


1) Brute Force Attacks 
In this type of attack, all possible combinations of pass- 
word apply to break the password. The brute force attack 
is generally applied to crack the encrypted passwords 
where the passwords are saved in the form of encrypted 
text. 

2) Dictionary Attack 
This type of Attack is relatively faster than brute force 
attack. Unlike checking all possibilities using brute force 
attack, the dictionary attack tries to match the password 
with most occurring words or words of daily life usage. 

3) Shoulder Surfing 
Shoulder surfing is an alternative name of “spying” in 
which the attacker spies the user’s movements to get 
his/her password. In this type of attack the attacker 
observes the user; how he enters the password i.e. what 
keys of keyboard the user has pressed. 

4) Replay Attacks 
The replay attacks are also known as the reflection 
attacks. It is a way to attack challenge response user 
authentication mechanism. 

5) Phishing Attacks 
It is a web based attack in which the attacker redirects 
the user to the fake website to get passwords/ Pin Codes 
of the user. 

6) Key Loggers: The key loggers are the software programs 
which monitors the user activities by recording each and 
every key pressed by the user. 


E. Man-In-The-Middle Cryptographic Attack 


A man in the middle attack is one in which the attacker 
intercepts messages in a public key exchange and then retrans- 
mits them, substituting his own public key for the requested 
one, so that the two original parties still appear to be communi- 
cating with each other. In the process, the two original parties 
appear to communicate normally. The message sender does 
not recognize that the receiver is an unknown attacker trying 
to access or modify the message before retransmitting to the 
receiver. Thus, the attacker controls the entire communication. 
Some type of MIM attacks are: 


1) Address Resolution Protocol Communication (ARP) 
In the normal ARP communication, the host PC will send 
a packet which has the source and destination IP address 
inside the packet and will broadcast it to all the devices 
connected to the network. The device which has the target 
IP address will only send the ARP reply with its MAC 
address in it and then communication takes place. The 


ARP protocol is not a secured protocol and the ARP 
cache doesn’t have a foolproof mechanism which results 
in a big problem. 

2) ARP Cache Poisoning 
In ARP cache poisoning, the attacker would be sniffing 
onto the network by controlling the network switch to 
monitor the network traffic and spoof the ARP packets 
between the host and the destination PC and perform the 
MIM attack. 

3) DNS Spoofing 
The target, in this case, will be provided with fake 
information which would lead to loss of credentials. As 
explained earlier this is a kind of online MIM attack 
where the attacker has created a fake website of your 
bank, so when you visit your bank website you will be 
redirected to the website created by the attacker and then 
the attacker will gain all your credentials. 

4) Session Hijacking 
In this once the session is established between the host PC 
and the web server the attacker can obtain certain parts 
of the session establishment which is done by capturing 
the cookies that were used for the session establishment. 


F. Data Loss or Leakage 


Data can be compromised in many ways: intentionally and 
unintentionally. Data can be deleted or modified at any time 
by intruders, and if data are not backed up, this can lead to 
data loss. Removing the link from a record linked to a larger 
context may also result in data loss, and therefore impossible 
to retrieve them. Moreover, if the encoding key is lost, this 
may result in a major damage. 


VI. SOLUTIONS FOR SECURITY ATTACKS 


1) Solution against Denial of Service Attack 
For restricting DoS attack we can classify traffic on the 
basis of authorization, so we can block traffic that are 
identify as unauthorized and allow traffic that are identify 
as authorized. For this firewalls can be used to allow or 
deny traffic on the basis of access protocols, ports or IP 
addresses. Today most of the switches have capability of 
rate-limiting on the basis of Access Control List that can 
provide automatic rate limiting, shape traffic, bogus IP 
filtering, binding and can deeply inspect packets. Similar 
to switches routers have also some capability like ACL 
and rate-limiting which can be set manually to create 
rules and regulations. Application front end hardware 
can be used on networks in colligation with routers and 
switches which can analyze data packets as they enter 
into the network system to check their authority and 
priority so that flow of traffic can be controlled.. After 
DoS attack one can send all the traffic on attacked packet 
to a null interface or to a non existing interface, this helps 
to reduce the effect of DoS attack. 
2) Solution against Malware Injection Attack 

To prevent cloud from malware injection attack we can 
combine the integrity with hardware or can use hardware 
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3) 


4) 


5) 


for integrity purpose because for an attacker it is difficult 
to intrude in the IaaS level. For this we can utilize a 
file allocation table (FAT) system, by using it we can 
determine the validity and integrity of new instance by 
comparing the current and previous instance. For this 
purpose, we need to deploy a hypervisor on the providers 
side. In cloud system hypervisor is considered to be the 
most secure and sophisticated part of it whose security 
cannot be broken by any means. The Hypervisor is 
responsible for scheduling all the instance and services 
so we can make hypervisor to check file allocation table 
to validate and integrate an instance of customer. 
Solution against Side Channel Attack 

To prevent cloud from side channel attack we can use 
combination of virtual firewall appliance. It is possible for 
an attacker to instantiate new virtual machine to identified 
targeted virtual machine in cloud and extracts some 
confidential information. But a virtual firewall prevents 
this attempt of placement of malicious virtual machine 
during a side channel attack. Another approach is to 
use randomly encryption decryption because it prevent 
second step extraction of side channel attack. Here by 
confusion we mean that making relation between plain 
and cipher text more and more complex; by diffusion 
we mean to dissipate the statistical structure of plaintext 
over the bulk of cipher text. Security against both front 
end and back end side of cloud computing architecture 
is provided by this combination and also provide RAS 
(Reliability, Availability, and Security). 

Solution against Authentication Attack 


e Delayed response 
Given a login-name/password pair the server pro- 
vides a slightly delayed yes/no answer (say not faster 
than one answer per second). This should prevent an 
attacker from checking sufficiently many passwords 
in a reasonable time. 

e Account locking 
Accounts are locked after a few unsuccessful login 
attempts (for example, an account is locked for 
an hour after five unsuccessful attempts.) Like the 
previous measure, this measure is designed to prevent 
attackers from checking sufficiently many passwords 
in a reasonable time. 

e Biometrics 
Biometric is an image-based authentication system 
in which finger prints, face, iris, retinal, speech, 
signature verification are used to verify against the 
original specimen. The image is preprocessed first 
and then the classification of images is done. The 
advantage of this method is that it is real and unique 
signature and cannot be stolen. The disadvantage is 
that it is costly and difficult to implement. It is not 
a completely matured method and it can be easily 
compromised and is time consuming also. 


Solution against Man-In-The-Middle Attack 


VII. 


e By using one time password because one time pass- 
word is immune to MIM attacks. 

e By forensic analysis of MIM attacks 

e IP address of the server 

e Is the certificate self-signed? 

e Do other clients, elsewhere on the Internet, also get 
the same certificate? 

e Is the certificate signed by a trusted CA? 

e By using mutual authentication, with many client 
and server implementations, the initial trust is only 
confirmed by one way verification between the client 
and the server. With mutual authentication, the server 
verifies the client and the client verifies the server 
to ensure legitimate communications are being ex- 
changed. Verification can be conducted by using 
public and private keys. 


SOLUTION FOR SECURITY ATTACKS IN HYBRID 
CLOUD 


A. Virtual Private Network / Secure Tunnel 


VPN (Virtual Private Network) provides secure access be- 
tween enterprise and cloud. Solution developed based on VPN 
allows enterprises to have complete control over their data. 
Most of the third party companies like citrix, cohesive FT, etc 
have provided security solutions based on VPN. 


1) 


2) 


3) 


Amazon VPC 

With Amazon Virtual Private Cloud (VPC), enterprises 
can create their own virtual cloud inside amazon public 
cloud such that their IT infrastructure is hosted within a 
specific subnet. VPC provides a VPN connection between 
enterprise IT infrastructure and the enterprise virtual 
cloud (present inside public cloud). The VPN connection 
uses IPsec tunnel mode to protect the data from eaves 
dropping and tampering. All the security policies which 
were implemented within enterprise can be extended to 
virtual cloud. From the figure three presented below it 
is clear that the enterprise has created its own virtual 
cloud called VPC inside a amazon public cloud. With 
the help of the VPN gateway and the customer gateway, a 
VPN connection is established over the internet, between 
enterprise network and amazon public cloud. 

Open VPN 

This is an open source VPN solution for providing secure 
data exchange between networks. Here, OpenSSL-based 
encryption is used for securing the data. Open VPN 
establishes a secure tunnel for data exchange between 
enterprise IT infrastructure and cloud. For encrypting 
the communication in tunnel it uses OpenSSH protocol. 
OpenVPN provides a secure network using standard 
SSL/TLS protocol. It supports multiple ways of authen- 
ticating the cloud and enterprise before establishing a 
secure connection such as verifying certificates, using 
smart cards, based on username/password credentials, 
using firewall access control policies. 

Open Bridge Citrix 
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Cloud bridge solution provides transparent network and 
seamless connectivity between enterprise and the public 
cloud. In order to provide seamless hybrid cloud they 
must be securely connected and should behave as single 
integrated network. In order to provide a seamless com- 
munication experience to enterprise users while accessing 
cloud they should be able to access data as if they 
are using local machines. Optimizing the Wide Area 
Network (WAN) performance is very much important for 
improving the communication speed. WAN optimization, 
caching, Wide-area file services are some methods which 
are used by cloud-bridge in improving the communication 
speed between enterprise and cloud. 


B. Data Encryption 


Encryption is a widely used solution for addressing the 
threats based on confidentiality and integrity issues. Enter- 
prises need to encrypt their data and communications in order 
to protect from malicious attackers present in the internet. 
But managing the encryption mechanism in cloud requires 
management and configuration overhead for secure key change 
from both cloud and enterprise perspective. With the help of 
encryption mechanism, data which is in transit through the 
internet is protected. The data present within enterprises can 
be protected by providing access control or role based access. 


C. Symmetric Cipher Model 


The following are the main components of a symmetric 
cipher model. 


Symmetric encryption also referred as conventional en- 
cryption or single-key encryption, was the only type of 
encryption in use prior to the development of public key 
encryption. 

Plaintext: This is the original intelligible message or data 
that is fed into the algorithm as input. 

Encryption Algorithm: In order to perform transforma- 
tions and substitutions on the plain text. 

Secret Key (Input): The secret key is also input to the 
encryption algorithm, the key is a value independent of 
the plaintext and of the algorithm. The algorithm will 
produce a different output depending on the specific 
key being used at the time. The exact substitutions and 
transformations performed by the algorithm depend on 
the key. 

Cipher Text: This is the scrambled message produced as 
output. It depends on the plaintext andthe secret key. For 
a given message, two different keys will produce two 
different cipher texts. Ciphertext text consists of random 
stream of data and it is unintelligible. 

Decryption Algorithm: This is essentially the encryption 
algorithm run in reverse. It takes the ciphertext and the 
secret key and produces the original plaintext. 


The main requirements for conventional encryption to make 
secure to use are following: 


We need a strong encryption algorithm. We will make the 
algorithm in such a way that an opponent who knows 


the algorithm can access one or more ciphertexts and 
unable to decipher the ciphertext or figure out the key. 
It is generally stated as stronger form of requirement. 
The opponent should be unable to decrypt ciphertext or 
discover the key even if he or she is in possession of 
a number of ciphertexts together with the plaintext that 
produced each ciphertext. 

Sender and receiver must have obtained copies of the 
secret key in a secure fashion and must keep the key 
secure. If someone can discover they key and knows the 
algorithm, all communication using this key is readable. 
All communication using the key is readable if anyone 
who discovers the key and knows the algorithm. 


D. New Symmetric Key Algorithm 


We conclude the paper by presenting a simple symmetric 
key cipher algorithm. We also give an example and discuss 
some of the advantages of the algorithm. 


1) 


2) 


3) 


Encryption Algorithm 

Step 1. First develop an ASCII value for a letter. 

Step 2. Generate the corresponding binary value of it. 
[Make the binary value to 8 digits for exam- 
ple for decimal value for 32 binary numbers is 
00100000] 

The 8 digit’s binary number should be reversed. 
The key can be taken as 4 digits divisor ({=1000). 
The divisor should be divided with reversed 
number. 

Remainder and quotient should be stored in first 
3 and 5 digits.(quotient and remainder should 
be more than 3 and 5 digits long, if they are 
less than 3 and 5 digits we have to add required 
number of Os(Zero’s) to its left hand side and 
now it would be a the ciphertext or encrypted 
text.) Now we can store the quotient in next 5 
digits and remainder in first 3 digits. 


Step 3. 
Step 4. 
Step 5. 


Step 6. 


Decryption Algorithm 


Step 1. The key is multiplies by the last 5 digits of the 
ciphertext. 

The result which is produced in the previous step 
is added with first 3 digits of the ciphertext. 

If Step 2 does not produce 8-bit number we need 
to make to 8-bit number. 

To get the original or the plain text reverse the 
number. 


Step 2. 
Step 3. 


Step 4. 


Example 

Let the character be “T”. As per the given steps we will 
get following results. 

Step 1. ASCII of T is 84 in decimal. 

Step 2. The binary value of 84 is 1010100. As per the 
encryption algorithm, as it is not an 8-bit binary 
number we have to make it an 8-bit binary 
number. Therefore it would be 01010100. 
00101010 is the reverse of binary number. 

Let us choose 1000 as divisor, that is, as the key. 


Step 3. 
Step 4. 
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Step 5. Divide the dividend by divisor, that is, 00101010 
by 1000. 

Step 6. The remainder is 10 and quotient is 101. There- 
fore according to the algorithm the ciphertext is 
01000101 and its ASCII is 69 in decimal, that is, 
“F”. 

4) Advantages of the new algorithm 

a) Simple algorithm in nature. 

b) The two reverse operations makes algorithms more 
secured. 

c) Receiving end is easier as CRC checking is present. 

d) For small amount of data this algorithm works well. 


VIII. CONCLUSION 


With the growth of the IT world and global reach for each 
and every invention in the IT field, the economic growth 
has also been increasing. This is because the enterprises 
are adapting these IT inventions for their growth. As cloud 
computing was a milestone in the IT world the use of cloud 
computing is rising exponentially. This also makes way for 
huge security issues. There are several security attacks and 
privacy challenges that are faced in cloud computing. Some of 
those security issues, attacks and threats have been discussed 
with their possible solutions. 
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Abstract—This paper gives an overview of the e-payment 
system. It discusses the different e-payment systems, identifies 
the issues and challenges of e-payment systems and offers the 
solution. 

Index Terms—Secure gateway, electronic transaction, E- 
payment, multiple payment, insecure system, client bank, mer- 
chant bank 


I. INTRODUCTION 


LECTRONICpayment system is a mode of payments over 
an electronic network such as the internet. In other 


words we can say that e-payment is a method in which a 
person can make Online Payments for his purchase of goods 
and services without physical transfer of cash and cheque, 
irrespective of time and location. Electronic payment system 
is the basis of on-line payments and on-line payment system 
development is a higher form of electronic payments. It makes 
electronic payments at any time through the internet directly 
to manage the e-business environment. 

In real world we have two distinct types of payment sys- 
tems. With the advancement in technology and popularity of 
Internet, the perception of making online transactions is bound 
to gain momentum. In the future, the payment modes currently 
used and supported shall see a declining trend owing to the 
numerous benefits offered by electronic payment systems 


II. SECURE GATEWAY IN PAYMENT SYSTEM 


The attempt of studying a Secure Gateway in payment 
system for Electronic transaction is made. The current research 
and development shows that the electronic payment system for 
such an electronic transaction is to be secure for participants 
such as Payment Gateway Server, Bank Servers and Merchant 
Servers, on Internet. The security architecture of such sys- 
tems are designed by using various Security Protocols and 
Techniques, not only to safeguard but eliminate the fraud that 
occurs in such a transaction with stolen credit card/debit card 
payment information and customer information. Electronic 
commerce involves the tremendous exchange of some form 
of money for trade of goods and services over the Internet, 
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Fig. 1. Illustration of Transaction 


and it is evident from the studies that the Internet is an 
insecure and unreliable media in many ways in such a trade. 
Online shopping by card is not new in the current e-commerce 
applications in our society today. The ease of purchasing 
and selling products over the Internet has helped the growth 
of e-commerce and as a result the e-payment services have 
proved to be the convenient and efficient way to perform 
financial transactions.transmitted over the links in plain text, 
there is a possibility of eavesdropping. Anyone listening to 
the network traffic could gain access to sensitive information, 
such as card numbers, card type and or the complete details 
of the card holder. Credit card-such as a Visa or Master, has a 
preset spending limit based on users credit limit. Debit Cards 
withdraws the amount of the charge from the card holders 
account and transfers it to the sellers bank. In electronic 
payment system, server stores records of every transaction. 
When the electronic payment system eventually goes online 
to communicate with the shops and the customers who can 
deposit their money and the server uploads these records for 
auditing purposes. 


A. Types of Attacks on Insecure System 


e Network Attacks: These simple services can be used 
to stop a wide variety of network attacks, including 


Akshitha Venu et al, “Payment Gateway: Designing, Implementation and Security” 18 


Proceedings of Vidya MCA Departmental Seminar (VMCADS-2019),22-23 November 2019 
Department of Computer Applications, Vidya Academy of Science & Technology, Thrissur — 680501 


Snooping (passive eavesdropping).An attacker watches 
network traffic as it passes and records interesting data, 
such as credit card information. 

e Tampering: An attacker monitors network traffic and 
maliciously changes data in transit (for example, an 
attacker may modify the contents of an email message). 

e Spoofing: An attacker forges network data, appearing to 
come from a different network address than he actually 
comes from. This sort of attack can be used to thwart 
systems that authenticate based on host information (e.g., 
an IP address). 

e Hijacking: Once a legitimate user authenticates, a spoof- 
ing attack can be used to “hijack” the connection. 

e Capture-replay: In some circumstances, an attacker can 
record and replay network transactions to ill effect. For 
example, say that you sell a single share of stock while 
the price is high. If the network protocol is not prop- 
erly designed and secured, an attacker could record that 
transaction, and then replay it later when the stock price 
has dropped, and do so repeatedly until all your stock is 
gone. 

e PIN-guessing attack: An attacker can fake the digits and 
use the user authentication code (UAC) to launch a PIN- 
guessing attack. 


B. Secure Electronic Transaction(SET) Protocol 


To carry out transactions successfully and without com- 
promising security and rust, business communities, financial 
institutions and companies offering technological solutions 
wanted a protocol that works very similar to the way how a 
credit card transactions work Visa and MasterCard, leading 
credit card companies in the world formed a consortium 
with computer vendors such as IBM and developed an open 
protocol which emerged as a standard in ensuring security, 
authenticity, privacy and trust in electronic transactions. 

The main business requirements for SET are: 


e Provide confidentiality of payment information and en- 
able confidentiality of order information that is transmit- 
ted along with the payment information. 

e Ensure the integrity of all transmitted data. 

e Provide authentication that a cardholder is a legitimate 
user of a branded payment card account. 

e Provide authentication that a merchant can accept 
branded payment card transactions through its relation- 
ship with an acquiring Financial Institution. 

e Ensure the use of the best security practices and system 
design techniques to protect all legitimate parties in an 
electronic commerce transaction. 

e Create a protocol that neither depends on transport secu- 
rity mechanisms nor prevents their use. 

e Facilitate and encourage interoperability among software 
and network provider 


C. Disadvantages of SET Protocol 


In 1995, Visa and MasterCard began to develop a standard 
for processing credit card transactions over the Internet. Called 


Secure Electronic Transaction (SET), the new standard would 
not only encrypt transactions but also link them with a digital 
signature that would fulfill the same role as the physical 
signature used in stores but it has several disadvantages: 


e Implementing SET is more costly than SSL/TLS for 
merchants as well. Adapting their systems to work with 
SET is more complicated than adapting them to work 
with SSL/TLS. Furthermore, merchants must have ac- 
counts opened at business banks capable of handling SET 
transactions. 

e Business banks must hire companies to manage their 
payment gateways, or install payment gateways by them- 
selves. 

e Despite being designed with security in mind, SET also 
has some security issues. In a variant of the SET protocol, 
the merchant is allowed to see the customer payment 
information. Just as with SSL/TLS. There are also some 
other, minor security issues in this protocol. 


D. Electronic Transaction-Based Payment System 


Secure electronic transaction is a system of online payments 
for ensuring the security of financial transactions on the inter- 
net. The SET specification is an open, technical standard for 
commerce, developed by VISA and master card. It facilitates 
secure payment card transactions over the internet. Digital 
certificate create a trust change throughout the transactions, 
verifying cardholders and merchant validity. The following are 
the requirements for setting up a system for secure electronic 
transaction. 


e Secure communication between all parties: There needs 
to be secure communication channels between all par- 
ties involved in a transaction. It is necessary to ensure 
that information is not revealed to parties not involved 
in the transaction regardless of the importance of the 
information, and that the integrity of the communication 
is preserved. 

e Minimisation of the sharing of data between the parties. 


There are two different aspects to this requirement: 


1) The payment service (referred to as the payment gateway) 
does not need to know the details of the subject of the 
transaction. This is particularly important if the subject 
of the transaction is of sensitive nature, especially if 
the subject is not held in high regard in the consumer’s 
community. 

2) The merchant does not need to know the payment de- 
tails of the subject other than the confirmation that the 
payment has succeeded. In many cases, the consumer 
may not want to build a relationship with the merchant, 
because the purchases are in-frequent (holiday travel for 
example). 


E. Using Payment Gateways to Maintain Privacy in Secure 
Electronic Transactions 


There is need to reduce the amount of information shared 
with the merchant. There are also cases where the purchaser is 
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Fig. 2. 


Payment Gateway 


not the end consumer of the service or product, for example in 
the case of gift purchases such as flowers. In such a case, it is 
not reasonable to collect purchaser details when they have very 
little in connection to the consumer. To support a number of 
payment mechanisms, the credit card is the dominant payment 
tool on the Internet, but it is not necessarily available to 
everyone. Integrating other payment mechanisms such as debit 
cards, bank transfers, cheques or even other payment services 
such as PayPal is costly for the merchant. But a payment 
gateway can handle multiple payment services if there are 
a sufficient number of consumers spread over a number of 
different merchants that would be willing to use it. As there are 
several customer details that are given through online system, 
it is the responsibility of the payment gateway provider to 
secure the payment system and other details related to the 
transaction between the customer and the merchant. Security is 
the most important concern for payments done through online 
system. The proposed system, comprising of four players: a 
bank (or similar financial institution), the payment gateway, 
the merchant and the consumer. The payment gateway has a 
secure connection to the bank which provides verification of 
credit cards and carry out the actual financial transaction. 

After the consumer has finished shopping, the merchant 
creates a signed invoice for its services and products for the 
consumer. Another invoice with four components - a globally 
unique verifiable identifier (all documents will have verifiable 
globally unique identifiers through the use of schemes such 
as the one described, the amount payable (and its terms 
e.g. payment in full or in installments), a globally unique 
merchant identifier (issued by the payment gateway) and a 
digital signature of the invoice - is created for the payment 
gateway. These invoices are forwarded to the respective parties 
(step b). The second invoice has no details concerning the 
consumer, and thus the details of the sale is completely 
masked. The digital signature assures non-repudiation on the 
value of the sale and performs authentication on behalf of 
the merchant. Furthermore, this approach allows for non- 
real time communication. Various methods for security are the 
following: 


e Authentication: There is no authentication of the con- 
sumer, and thus it could be possi- ble for the consumer 
to be totally anonymous during a payment transaction. 


Merchants are authenticated using their digital signature. 
The merchant identifier serves as an ad- ditional layer of 
authentication, but is aimed more for easier administra- 
tion. 

e Minimise Data Sharing: The only data shared between 
the payment gateway and the merchant are identifiers to 
link transactions and the payment amount. Like SET’s 
dual signature scheme, payment details and merchant’s 
sale details remain hidden from the non-participating 
parties. Furthermore, unlike SET where it is not possible 
to prove that the payment gateway is known by the 
consumer [3], it is possible to show that the customer 
is aware of all the parties involved in the transaction, 
and can potentially even have a choice in the payment 
gateway. 

e Traceability and Verification: The use of digital sig- 
natures allow for the verification of each step of the 
payment transaction. It is possible to trace the entire 
payment process, should it be required (during a criminal 
investigation for example), if both the merchant’s and the 
payment gateway’s records are matched. An examination 
of one party’s records is not going to be enough to reveal 
the complete picture, thus achieving the privacy goals, 
without compromising traceability. 


II]. E-PAYMENT SYSTEM ON E-COMMERCE IN INDIA 


E-commerce provides the capability of buying and selling 
products, information and services on the Internet and other 
online environments. In an e-commerce environment, pay- 
ments take the form of money exchange in an electronic form, 
and are therefore called Electronic Payment The merchant sell 
the goods to customer and customer pay the price with the help 
of E-Payment system . 

The following steps are carried out for payments during 
online procedures:- 


1) The payment procedure is initiated by the applicant. The 
applicant selects a bank. 

2) A payment request is sent to the bank that contains an 
XML message with a redirection URL that points to the 
government application. In response, the bank opens a 
session and forwards the user to the given URL. 

3) The authoritys application forwards the applicant on to 
the online banking application of his . bank. After he has 
been authenticated, the payment transaction is carried out 

4) Before the transaction is carried out, the bank checks if 
there is still a connection open between the bank and the 
authority. 

5) After the connection is confirmed by the authority, the 
bank carries out the money transfer. 

6) A confirmation message is sent to the authority stating 
whether the payment was successful or not. 

7) The authority responds with an acknowledgement mes- 
sage. 

8) The payment process is finalized and the applicant is 
referred back to the authorities application. 
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A. Types of E-payment system 


1) Credit cards: A Credit card is a piece of plastic that carries 
information that allow you to make purchase now pay for 
them later 

2) Debit Card: Debit card is a prepaid card and also known 
as ATM card. An individual has to open an account with 
the issuing bank which gives debit card with a personal 
id number, when he makes a purchase he enter his pin 
number on shop pin pad. 

3) Smart card: Smart card was first introduce in Europe 
most of these method are known as stored value card 
.A smart card is about the size of a credit card, made 
of a plastic with an embedded microprocessor chip that 
holds important financial and personal information 

4) Digital Wallet (Electronic wallet) 

Electronic wallets being very useful for frequent online 
shoppers are commercially available for pocket, palm- 
sized, handheld, and desktop PCs. They offer a secure, 
convenient, and portable tool for online shopping. 

5) Electronic Cheque: Electronic cheque is messages that 
contain all the information that is found on an ordinary 
Cheque but it uses digital signature for signing and 
endorsing and has digital certificate to authenticate bank 
account. 

6) Electronic cash Similar to regular cash, e-cash enables 
transactions between customers without the need for 
banks or other third parties. When used, e-cash is trans- 
ferred directly and immediately to the participating mer- 
chants and vending machines 


B. Limitations of traditional Payment Systems 


e Lack of usability 

e Lack of security 

e Lack of eligibility 

e High usage costs for customers and merchants 
e Lack of efficiency 

e Lack of consistency 


C. Limitations of traditional Payment Systems 


1) Consumer and browser: A consumer interact with the 
online commerce system through a web browser typically 
a consumer first accessing a shopping mall and then uses 
the hyperlink from the mall to access the merchant home 
page. 

2) Shopping mall: A shopping mall is where most consumer 
first visit for a shipping free there will be several shopping 
malls and it may pay to enlist with one or more well 
known mall. 

3) Merchant systems: It consists of the home page and 
related software to manage the business. 

4) . Banking network it consist of several components there 
is bank that processes the online financial transaction for 
the given merchant the bank maintain the account for 
the merchant authorize and processes the payment the 
merchant bank also maintain a link with the consumer 
bank for verifying the trans actions 


D. Limitations of traditional Payment Systems 


1) To identify the area of quality customer service with 
personal attention. 

2) To establish strong relationship between bank and cus- 
tomer. 

3) It identify how online payment system work. 

4) Understand different payment technology. 

5) To fulfill the economical requirements of the business. 


IV. DESIGNING AND IMPLEMENTATION OF ELECTRONIC 
PAYMENT GATEWAY FOR DEVELOPING COUNTRIES 


Online shopping allows customers to sit in their homes and 
buy goods from all over the world. Similarly allows Merchant 
to sell their products to all over the world from home. Most 
of the population will use online payment in near future. Most 
of the Third world countries lagged behind in making a good 
Internet architecture. There is need of a secure online payment 
gateway in developing countries. 


A. Preliminaries 


e Online customer: A customer is an entity who will buy 
products by making payments in timely manner. 

e Merchants: A merchant is a seller who will receive 
payments made by customer. 

e Banks: Two banks are involved. 

1) Client bank: Client bank holds clients bank account 
and validate customer during account registration. 

2) Merchant bank: Merchant bank holds merchant bank 
account. It is responsible of management, fraud control 
etc 

e Payment Gateway: A payment gateway is connected to 
all customers, merchants and banks through Internet and 
responsible for the speed and reliability and security of 
all transactions that take place. 


B. Framework Overview 


In the proposed model of electronic payment gateway on 
the basis of requirements of an electronic payment gateway in 
developing countries there are five interfaces. 


1) Customer Interface 

2) Server (e-payment Gateway) Interface 
3) Client Bank Interface 

4) Merchant Bank Interface 

5) Merchant Interface 


Online Customer will connect to e-payment gateway through 
Internet. Gateway will connect to the Bank and check whether 
its bank accounts is enough to buy the required product. Online 
customer can also visit Merchants website through Gateway. 


C. Techniques 


1) Privacy: It is necessary to assure privacy in the payments 
like bank accounts. 

2) Naming:There should be a way of identifying the cus- 
tomers bank accounts and the merchant bank accounts. 

3) Security:In gateways security should provide to protect 
data of transactions. 
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4) Integrity:Integrity: Data should be difficult to change. 

5) Confirmation: When transaction took place customer 
must have notification and merchant must have confir- 
mation 

6) Confidentiality: Any third parties should not be able to 
access or view such payments. 

7) Settlement: Separate banking institutions must have a 
way of settling their accounts. 


V. FUTURE WORK 


Electronic Payment Gateway is present in our country but it 
is not very secure. The proposed architecture is made secure by 
the implementation of secure electronic transaction methods. 
Because of this now only authentic customers can now buy 
products from merchant’s site whose bank account number is 
enough to buy the required product. At first it is checked if the 
customer is authorized one or not then the whole transaction 
takes place. The electronic payment gateway is made secure 
enough that any authorized customer can easily trust it and 
fearlessly and confidently make payments over the Internet. 
If this system is to be implemented in developing countries 
then strong support of government of that country is required 
as there is not much awareness of electronic transactions in 
developing countries. 


A. E-payment Gateway Model 


The Gateway is called as Trusted Third Party or Entry 
point to any network. Online shopping allows customers to 
sit in their homes and buy goods from all over the world. 
Similarly allow Merchant to sell their products to all over the 
world from home. There is need of a secure online payment 
gateway in developing countries. We have also mentioned the 
requirement for an electronic payment gateway from customer 
and merchant’s point of view. On the basis of these a new 
secure e-payment gateway has been designed and developed. 
The payment gateway would provide secure transactions. On 
the basis of proposed architecture of e-payment system of third 
world countries and the requirements related to any electronic 
payment gateway, we design and develop a secure, reliable 
and efficient electronic payment gateway. 


B. Gateway Network 


e Online customer: A customer is an entity who will 
buy products by making payments in timely manner. 
Merchants: A merchant is a seller who will receive 
payments made by customer. 

e Bank: Two banks are involved: 

Client bank: Client bank holds clients bank account and 
validate customer during account registration. 

Merchant bank: Merchant bank holds merchant bank 
account. It is responsible of management, fraud control 
etc. A merchant account is a type of bank account that 
allows businesses to accept payments by payment cards, 
typically debit or credit cards. A merchant account is 
established under an agreement between an acceptor and 


a merchant acquiring bank for the settlement of payment 
card transactions. 

e Payment Gateway: A payment gateway is connected 
to all customers, merchants and banks through Internet 
and responsible for the speed and reliability and security 
of all transactions that take place. A payment gateway 
is an ecommerce service that authorizes payments for 
e-businesses and online retailers. It is the equivalent of 
a physical POS (point-of-sale) terminal located in most 
retail outlets. A merchant account provider is typically a 
separate company from the payment gateway. Some mer- 
chant account providers have their own payment gateways 
but the majority of companies use 3rd party payment 
gateways. The gateway usually has 2 components: 


1) The virtual terminal that can allow for a merchant to 
securely login and key in credit card numbers , 

2) Have the website’s shopping-cart connect to the gate- 
way via an API to allow for real time processing from 
the merchant’s website. 


In existing system we use electronic gateway which is 
used for secure transactions between client and merchant. If 
new user wants to do transaction then he/she should register 
Himself/herself first through registration form then browse 
merchant website using e-payment gateway. Select item and 
encrypt payment request and send it to Server. Server re- 
ceives encrypted message from sender, decrypt message, read, 
encrypt it using its own keys and send it to Client bank. 
Client bank transfers the required amount to the merchant bank 
through secure network. After receiving the fund Merchant 
bank sends the payment. 


C. Payment Gateway: Innovation in Multiple Payments 


With the advancement of technology and internet usage, the 
world is shrinking day by day and the business boundaries are 
expanding beyond imagination. Any business owner nowadays 
cannot dream of launching in a bigger way without the online 
presence (payment facility). For consumers, with Ecommerce 
and best infrastructure to ship products, they can dream of 
getting any product/service from any part of the world in 
a short time cutting across all barriers. Ecommerce systems 
depend mainly on the payment gateway service providers to 
facilitate payment transactions. Now the payment gateway 
service providers are focusing on providing lot of features 
and user friendly options to increase market share. Through 
this paper, a new approach to the Multiple payment modes 
is brought into light which will be different from the usual 
multiple payment options available in the Online Payment 
Industry. With this option, user experience is made great and 
saves time for the user with the flexibility to pay from many 
option. 


D. Multiple Payment 


Multiple Payment is the option to make payment for more 
than one bill of one or more than one vendor with a single 
click. The existing online systems or electronic payment 
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systems allows the payment to be made for single bill us- 
ing multiple sources[6] or allow selecting multiple bills but 
payment to be made from single source. For example, current 
systems allow users to select more than one bill from single 
merchant and can make payment using credit card or any 
other method to make payment directly to the merchant. The 
payment can be made from loyalty cards also in which reward 
points can be redeemed for money and remaining amount can 
be made from either credit/debit cards. There is no system 
designed to make payment using more than two sources in 
existing split tender payment option. 


E. Proposed Features to Existing Multiple Payment Option 


The new system will help in making the payments in the 
following efficient ways. In our new application, we combine 
the advantage of two important features - using Multiple 
Payment and Split Tender Payment feature. Multiple Payment 
is the option to make payment of bills of more than one vendor 
in a single click. Split Tender Payment feature is the ability to 
make payment using two sources one reward point / loyalty 
card and another source like credit/debit/savings and etc for a 
single bill. 

In our new system, users can select multiple mer- 
chants/vendors, select one or more bills, can choose more 
than one payment modes and can make payment directly to 
the merchant(s) or even can use the split tender payment 
to pay multiple bills. To illustrate, let us say that user can 
select multiple merchants like telephone bills from one vendor, 
electricity bill from one vendor, car insurance bill and etc 
and make payment partially using his credit card, partially 
using his savings account and can use any other payment 
mode(s) if required. Consider the scenario of paying Insurance 
Premium for car insurance from company! is for Rs.10000 
and Telephone bill of Rs.4000. Under this proposed system, 
an user can pay the amount using various payment modes like 
using credit card, using net banking or using debit card, using 
reward points and etc. The best part of this is option can be 
even provided to use different types of credit/debit cards like 
Master, Visa and etc at the same time to make the payment. 
Refer Figure 3 given below. Another important feature is to 
allow a bill to be paid using various payment provider type 


like Master, Visa and Amex. For example, to make a total 
payment of Rs.14000 can be paid using credit card itself by 
selecting payment method as Credit card. Then the payment 
can be made from more than one credit card. One payment 
of Rs.7000 can be made from a Master Credit card, another 
Rs.5000 can be paid using a Visa credit card and another 
Rs.2000 can be made using a Amex credit card or can use 
existing Reward points to make this last part of payment. 


VI. CONCLUSION 


In current e-commerce systems for the Internet, the cus- 
tomer has to place a high degree of trust in the merchant, that 
the merchant will process the transaction correctly and handle 
the details of the transaction in a secure manner. Furthermore, 


merchants force the customers to create relationships, collect- 
ing data that is sometimes unnecessary, increasing the risks 
for the customer when computer security breaches occur. 

In this paper, we have presented a payment gateway system 
that preserves privacy for all the parties involved in the 
transaction, as well as minimises the risks to data security for 
consumers. Furthermore, the system also provides traceability 
of all trans- actions, complete with signed invoices and receipts 
for both merchants and customers that provide integrity and 
non-repudiation; properties that are not possible in most of 
the current payment systems. The invoices and receipts are 
machine readable and thus can be used as payment tokens or 
proof of payment for various services, including DRM systems 
and web based services 
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Abstract—This paper presents an overview of IoT. It discusses 
the rapid development of internet technologies, the history of 
internet and also the architecture of internet. IoT has become a 
part of our everyday life but many a common man are unaware 
of the dangers lurking behind the internet. This paper briefly 
discusses the securities issues associated with IoT. 

Index Terms—Internet of things, RFID technologies, security. 


I. INTRODUCTION 


Things. IoT has created a lot of buzz in the IT industries 

and in our daily busy life. It has made our lives better 
in so many ways and it will likely continue to do so. The 
term IOT refers to things that we use everyday that also 
connect to the internet and can control everything in a finger 
tip and at a limited time.The main aim of this paper is to 
give an overview about the IOT. The paper is organised as 
follows: The second section contains the history of the IoT 
that starts from the beginning of the computer era. The third 
section contains the main basic characteristics of the IoT. 
The fourth section contains the architectural layers of IoT. 
The fifth section contains the five key challenges of IoT. The 
sixth section contains the four crucial technologies of IoT. The 
seventh section contains the security issues in each IoT layer. 
The eighth section contains the security requirements of IoT. 
The ninth section contains the main applications of the IoT. 


[om OF THINGS is also known as the Internet Of 


II. HISTORY 


The computer era starts from 1950s until the late 1970s with 
mainframe computers. Then during the 1980’s, minicomputers 
and Personal computers are arrived. From 1990s Internet 
Technology 1st arrived with modems and wires . Then from 
2003 digital connections were started then finally with the 
wireless connections. 

In the 1990’s the mobile devices meet computers in the 
form of PDAs(Personal Digital Assistant) later smartphones 
and tablets are arrived. The internet first commercially used 
in 1980. According to the statistical report in 2016 the Emails 
were used by 4.62 billion people and Facebook were used by 
1.82 billions then now it becomes more than 5 billions. 

Later the RFID (Radio Frequency Identification Tool) tech- 
nology arrived in the 1980’s. The RFID tags are attached to 


Reji C Joy 
Associate Professor of Computer Applications 
Vidya Academy of Science & Technology 
Thrissur - 680501, India 
(email: reji.c.j@vidyaacademy.ac.in) 


an item for tracking or identification process. The tag are read 
through radio waves.The RFID is the foundational technology. 
The other technologies like WSNs (Wireless Sensor Network) 
arrive at 1990. The newest technologies is Big Data that is 
everything is stored in the place called cloud with security 
and can transfer data through the internet to any locations. 


III. BASIC CHARACTERISTICS OF IOT 


IoT describes a system where items in the physical world 
and sensors within or attached to theses items are connected to 
the internet via wireless and wired internet connection and it 
has an ability to capture the information. There are basically: 


e Comprehensive Awareness: This is the main character- 
istics and are used to get the information of objects by 
using sensors ,RFID, and M2M. 

e Reliable Transmission: In this characteristics the IoT has 
reliable data transmission while receiving and sending the 
data at the correct time. 

e Intelligent Processing: This characteristic is mainly aim 
to process the data by analysing and collecting real data 
by using sensors, RFID,etc. 


IV. ARCHITECTURE OF IOT 


The concept behind the IoT is powerful as it is complex and 
in order for the element in the IoT puzzle to mesh together 
perfectly they all have to be part throughout structure. The IoT 
Architecture are of layered basis and of 3 layers. They are: 


e Perception Layer: It is the physical layer and also called 
the sensor layer which has sensors for sensing and gath- 
ering information about the environment. It consists of 
various types of sensors eg: RFID, WSN,GPS, Actuators, 
etc. This layer collect and process data and then convey 
to the network layer. 

e Network Layer: It is the Middle layer . It provide the 
data routing paths for the network communications. Here 
the data is transferred in the form of packet via logical 
network path in an ordered format controlled by this layer 
eg: WiFi, Bluetooth, 2G, 3G, 4G, NFC etc. 

e Application Layer: It is the top most layer, here we 
store all the datas that we assessed and at this point data 
is protected from unauthorised access mainly it assures 
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authenticity, Integrity, Confidentiality . eg: smarthomes, 
smartcities, smart health, etc. 


Application Layer 


Cloud / Servers 


y 
Network Layer 
Routers and Gateways 


Perception Layer 
Sensors and Actuators 


ao 


Fig. 1. 
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V. KEY CHALLENGES 


As more and more IoT devices make their way into the 
world, deployed in uncontrolled, complex, and often hostile 
environments, securing IoT systems presents a number of 
unique challenges. Some of them are: 


1) 


2) 


3) 


4) 


Secure constrained devices: Many IoT devices have 
limited amounts of storage, memory, and processing 
capability and they often need to be able to operate on 
lower power, for example, when running on batteries. 
Authenticate and authorize device: Devices must estab- 
lish their identity before they can access gateways and 
upstream services and apps. However, there are many 
IoT devices that fall down when it comes to device au- 
thentication, for example, by using weak basic password 
authentication, or using passwords unchanged from their 
default values. 

Manage the update of devices : Applying updates, 
including security patches, to firmware or software that 
runs on IoT devices and gateways presents a number of 
challenges. For example, you need to keep track of which 
updates are available apply updates consistently across 
distributed environments with heterogeneous devices that 
communicate through a range of different networking 
protocols. 

Secure data privacy: It is also important that wherever 
the data ends up after it has been transmitted across 
the network, it is stored and processed securely. Imple- 
menting data privacy includes redacting or anonymizing 
sensitive data before it is stored or using data separation 
to decouple personally identifiable information from IoT 
data payloads. Data that is no longer required should be 
disposed of securely, and if the data is stored, maintaining 


5) 


6) 


7) 


8) 


1) 


2) 


compliance with legal and regulatory frameworks is also 
an important challenge. 

Secure communication: Once the devices themselves are 
secured, the next IoT security challenge is to ensure that 
communication across the network between devices and 
cloud services or apps is secure. Many IoT devices dont 
encrypt messages before sending them over the network. 
However, best practice is to use transport encryption, and 
to adopt standards like TLS. Using separate networks 
to isolate devices also helps with establishing secure, 
private communication, so that data transmitted remains 
confidential. 

Secure data integrity: Ensuring data integrity, which 
may involve employing checksums or digital signatures 
to ensure data has not been modified. Blockchain as 
a decentralized distributed ledger for IoT data offers a 
scalable and resilient approach for ensuring the integrity 
of IoT data. 

Detect vulnerabilities and incidents: In large scale 
IoT systems, the complexity of the system in terms of 
the number of devices connected, and the variety of 
devices, apps, services, and communication protocols in- 
volved, can make it difficult to identify when an incident 
has occurred. Strategies for detecting vulnerabilities and 
breaches include monitoring network communications 
and activity logs for anomalies, engaging in penetration 
testing and ethical hacking to expose vulnerabilities, and 
applying security intelligence and analytics to identify 
and notify when incidents occur. 

Manage vulnerabilities: The complexity of IoT systems 
also makes it challenging to assess the repercussions of a 
vulnerability or the extent of a breach in order to manage 
its impact. Challenges include identifying which devices 
were affected, what data or services were accessed or 
compromised and which users were impacted, and then 
taking actions to resolve the situation. 


VI. CRUCIAL TECHNOLOGIES USED 


Encryption mechanisms: In IoT network and applica- 
tion layer are placed close to each other. So that Encryp- 
tion mechanism used must be in between by-hop and end- 
to-end. In the case of by-hop the nodes in the transmission 
process can view the plain text by decryption. This 
mechanism can decrypt the destination link only. In the 
case of end-to-end Encryption mechanism the data is only 
visible to the destination links. The intermediate node 
can not view the plain text. Bt the problem is that this 
mechanism can not encrypt the destination addresses. For 
high security the by-hop mechanism is used and for low 
security end-to-end mechanism is used. 
Communication security: The factors included in the 
communication security are integrity, authenticity, con- 
fidentiality etc.TLS/SSL is used to provide security in 
transport layer where as IPsec is used to provide security 
to network layer. 
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3) 


4) 


Protecting sensor data: The factors included in the 
protection of sensor data are integrity, authenticity, confi- 
dentiality. Among these factors Integrity and authenticity 
has higher demand. Sensor privacy is also an important 
factor. 

Cryptographic Algorithm: Cryptographic algorithms 
are used for important tasks such as data encryption, au- 
thentication, and digital signatures. Symmetric algorithm 
involves only one secret key to cipher and decipher the 
information. These algorithms are used for confidentiality 
of data . Example for such an algorithm is Advanced 
Encryption Standards. Asymmetric algorithms use two 
keys to encrypt plain text. These algorithms are mainly 
used for digital signatures and key transport. Examples 
are Rivest Shamir Adelman and Elliptic Curve Cryptog- 
raphy. Asymmetric key algorithms are not quite as fast 
as symmetric key algorithms. This is partially due to the 
fact that asymmetric key algorithms are generally more 
complex, using a more sophisticated set of functions. The 
Diffie-Hellman algorithm was one of the earliest known 
asymmetric key implementations. The Diffie-Hellman 
algorithm is mostly used for key exchange. Secure hash 
algorithms also known as SHA are designed to keep data 
secured. 


VII. SECURITY ISSUES 


Internet is the key Infrastructure of IoT hence, many security 
issues may occur. some of them are: 


Security in Perception Layer: The security issue in 
perception layer include physical security of sensing 
devices and security of information collected . such as 
information tracking , cloning attack man in the middle 
attack. 
Security in the wireless sensor network: 

— Attack on survey and authentication 

— Silent attack on service integrity 

— Attack on network availability 
Security in physical layer: In the physical layer there 2 
security they are 

— Jamming : This attack prevent the communication 

channel between the nodes 

— Node tampering: Extracting sensitive information 
Security in Application Layer: it includes the leaves 
dropping and tempering. 


VIII. SECURITY REQUIREMENTS 


The key requirements for any IoT security solution are: 


Device and data security, including authentication of 
devices and confidentiality and integrity of data 
Implementing and running security operations at IoT 
scale 

Meeting compliance requirements and requests 

Meeting performance requirements as per the use case 


IX. APPLICATIONS 


By Applying the IoT in our daily life we can improve 


our 


performance in many fields . Some area where IoT is 


frequently used are: 


1) 


2) 


3) 


4) 


5) 


Smart cities: To make our cities with application of IoT 
. There are several things should be monitored such as 
parking availability in cities, monitoring of vibration and 
conditions materials in buildings and bridges, measure- 
ments of radiation produced by the cell stations. 
Security and Emergencies: such as perimeter access 
control to detect and control of people in non authorised 
and restricted, radiation levels in nuclear power stations, 
Explosive and hazardous gases-to detect gas leakage in 
industrial environment. 

Smart Agriculture: Wine quality enhancing to monitor 
the soil moisture to maintain the amount of sugar in 
groups and vines, greenhouses control micro climate con- 
dition to maximise the production of fruits and vegetables 
and the quality. Study about water resources , meteorolog- 
ical station network study about weather compost to study 
about temperature and humidity to control the fungus and 
mycobacteria. 

Medial Fields: In this, all detection such as Assistance 
for elderly or disabled people living independent, Medical 
fridges for storing medicines, vaccination ,etc. Patient 
surveillance -for monitoring of conditions of patients 
inside hospitals. 

Industrial control: Such as Machine to machine appli- 
cations, machine auto diagnose the problem and control 
the temperature inside the industry, ozone presence- in 
food factories to maintain ozone level,etc. 


X. CONCLUSION 


Internet of Things is the concept in which the virtual world 
of information technology connected to the real world of 
things. The technologies of Internet of things such as RFID 
and Sensor make our life become better and more comfortable. 
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Abstract—E-commerce is basically trading in product or ser- 
vices using computer network such as the internet. With the 
invention of the World Wide Web in 1989, the mere idea of 
electronic commerce which takes place through internet has 
been transformed into reality. With the rapid development of 
e-commerce, security issues are arising from people’s attention. 
The security of the transaction is the core and key issues of 
the development of e-commerce. The technical knowledge which 
is developing widely in human’s mind and the use of internet 
which is also increasing cause of the widespread availability on 
the internet, the hackers, attacker’s become more sophisticated 
in the deceptions. Therefore e-commerce providers can insti- 
gate various security protocols to reduce the risk of attacks. 
Implementation of various security protocols and practicing of 
encryption, authentication, and confidentiality will minimize the 
risk in security. Here in this paper we have discussed the 
overview of e-commerce, security issues in e-commerce, threats 
in e-commerce, key dimensions of e-commerce security, various 
security protocols. 

Index Terms—Overview of e-commerce, security issues in e- 
commerce, threats in e-commerce, key dimensions, and security 
protocols. 


I. INTRODUCTION 


ing and selling of goods and services, or the transmitting 

of funds or data, over an electronic network, primarily 
the internet. These business transactions occur either as b to 
b (business-to-business), b to c (business-to-consumer), c to c 
(consumer-to-consumer) or c to b (consumer- to-business).It 
is the trading or in products or services using computer 
networks like Internet or online social networks. Here the 
Business conducted through the use of computers, telephones, 
fax machines, barcode readers, credit cards, automated teller 
machines (ATM) or other electronic appliances without the 
exchange of paper-based documents or physically moving to 
a shopping mall. 


JE pees (electronic commerce) or EC is the buy- 


II. CATEGORIES OF E-COMMERCE 


The E-Commerce is classified into various categories. 


1) Business-to-business (B2B): Most of EC today is of 
this type. It includes the EDI transactions and electronic 
market transactions between organizations. 

2) Business-to-consumer (B2C): This category consists 
of transactions with individual shoppers. The shopper at 
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flipkart.com is mostly customer and little percentage of 
consumer too. 

3) Consumer-to-consumer (C2C): In this category con- 
sumer sells directly to consumers. Examples are indi- 
viduals selling in olx ads (e.g., www.o1x2015.com) 
and selling properties like cars, houses, furnitures and so 
on. In C2C Advertisement of various personal belongings 
over the Internet and selling knowledge and expertise also 
take place. These days many individuals using organiza- 
tional network to advertise their product for sales and so 
on. 

4) Consumer-to-business (C2B): In this category individ- 
ual sells product to the business organization. And also 
finds sellers, do impressive interaction and finally make 
the deal. 

5) Non business EC: Here the institutions like religious or- 
ganization, educational organization etc. do E-Commerce 
for their various task reducing their expenses and provide 
strong customer service. 

6) Intra business (organizational) EC: In this category 
we include all internal organizational activities, usually 
performed on internets that involve goods etc. Activities 
can range from selling corporate products to Employees 
to online training and cost reduction activities. 


IHI. MODES OF E-COMMERCE PAYMENT 


The following are some of the popular modes of E- 
commerce payment. 


1) Credit Card: A Credit card is actually a payment 
card. Now-a-days most used mode of making electronic 
payment is the use of credit card. The structure of this 
card is rectangular in shape made of plastic and also 
unique card no with the account detail is attached in the 
card. It has also a magnetic strip embedded in it which 
is used to read credit card via card readers. Cardholders 
are allowed to make shopping of goods n services basis 
on the promises made by them to return the money on 
time. 

2) Debit Card: Debit card is almost similar to Credit card. 
In this card the amount of money already remains in the 
card account. The user make the payment using the card, 
the amount get deducted from the account. And so it is 
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3) 


4) 


5) 


required to keep sufficient amount in that bank account to 
make the payment. Debit card, like credit card is a small 
plastic card with a unique number mapped with the bank 
account number. 

Smart Card: Smart card is the card where customer 
personal/work related information is stored and here it 
differs from the Credit Card and debit Card. In function- 
ing it is similar to the Credit card and Debit card. It is 
secure to use and also it is used mostly this days. 
EMoney: EMoney can be understood of storing the 
money and transmitting the money through electronic 
device. Involvement of middle man is not required to 
transfer the money from one financial body to another. 
It is the faster and most convenient way of making 
the transaction which also saves time. All the modes 
of payment (Credit Card, Debit Card, and Smart Card) 
belong to EMoney. 

Electronic Fund Transfer: The transfer of money 
on Computer based from one account/multiple account 
to another account. Accounts can be in same bank or 
different bank. Fund transfer can be done using ATM 
(Automated Teller Machine) or using computer .Elec- 
tronic fund transfer has become popular this days. People 
at ease transfer the money without the physical move. 


Security is one of the crucial parts that restricts customers 


and 


organizations engaging with e-ecommerce. Every trans- 


action that can be applied to the E-commerce has security 


1) 


2) 


measures. 


E-commerce transaction phases: 


a) Information phase 

b) Registration phase 

c) Negotiation phase 

d) Payment phase 

e) Delivery or shipment phase 
Security measures 

a) Access control for integrity checks 
b) Secure contract identification 

c) Digital signatures 

d) Encryption 

e) Secured delivery of the products with integrity checks 
f) Tracking of the products 


IV. MAJOR TECHNOLOGICAL SOLUTIONS TO 
E-COMMERCE SECURITY 


The major technology solutions for e-commerce security 
concerns are encryption, digital signatures, firewalls, intrusion 
detectors and Virtual Private Network (VPN). 


1) 


Encryption: Encryption ensures the confidentiality and 
privacy of messages even if they fall into wrong hands 
as they cannot be read. Cryptography has four basic 
parts: plaintext the original message in human readable 
form, cipher-text the plaintext message after it has been 
encrypted into unreadable form, encryption algorithm the 
mathematical formulae used to encrypt the plaintext into 


2) 


3) 


4) 


5) 


cipher text and vice versa, and key the secret key used 
to encrypt and decrypt a message 

Digital Signatures: Digital signatures ensure that the 
message comes from the right person. Digital signatures 
are based on public key encryption. The basic idea is 
that messages encrypted with a private key can only 
be decrypted with a public key. Essentially, the sender 
creates a phrase (like Harman Preet Singh) and encrypts 
it with his or her private key. This phrase is then attached 
to the message and the combined message is encrypted 
with the recipients public key. Upon receipt, the message 
is first decrypted with the recipients private key. The 
signature phrase is decrypted with the senders public key. 
Firewalls: A firewall is a network node consisting 
of both hardware and software that isolates a private 
network from a public network. There are two basic 
types of firewalls: dual-homed gateways and screen-host 
gateways. In dual-homed gateway a special server called 
the bastion gateway connects a private internal network 
to the outside Internet. 

Intrusion Detectors: Digital signature can provide a 
test for the authenticity and integrity of the information 
content, but it cannot prevent information from being 
changed. There are dangerous threats from intruders like 
malicious code, trapdoors, logic bombs, Trojans, viruses, 
bacteria, worms etc. Intrusion detectors identify and de- 
activate such intruders. 

Virtual Private Network: A virtual private network 
(VPN) combines encryption, authentication, and protocol 
tunneling to provide secure transport of private commu- 
nications over the public Internet 


V. LEGAL AND POLICY ASPECTS OF TECHNOLOGY 
SOLUTIONS 


The e-commerce technologies and related business develop- 
ments are growing at a rapid pace but the relevant laws and 
policies lag behind them. Admissibility of electronic records 
in courts poses a challenge to e-commerce. However, there are 
certain considerable developments in legal and policy aspects 
of e-commerce. Some of them are the following: 


Bill of Lading Act, 1856 

Indian Contract Act, 1872 

Negotiable Instruments Act, 1881 

Bankers Books Evidence Act, 1891 

Sale of Goods Act, 1930 

Banking Regulation Act, 1949 
Hire-Purchase Act, 1972 

UNCITRAL, 1996 

Information Technology Act, 2000 
Insurance Regulation and Development Authority Act, 
2000 

Uniform Customs and Practices 500 
Electronic Uniform Customs and Practices 
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VI. BENEFITS AND LIMITATIONS OF E-COMMERCE 


E-commerce which is most developed electronic transmis- 
sion technology has its pros and cons: 


A. Benefits 


The global nature of the e-commerce technology is that it 
provides the opportunity to reach millions of people. It is inter- 
active in nature. The invention of strong internet connectivity 
and advanced online shopping tools has resulted in new arena 
and that is actually E-commerce. E-commerce play as global 
market. Rapid growth of the supporting infrastructures in many 
potential benefits to organizations, individuals, and society. E- 
commerce is the cheapest means of doing business. Problem 
of time and distance does not arise in E-Commerce. It pro- 
vides buyers benefits i.es increased opportunity with enormous 
variety, better buyers decision. Also, faster and convenient 
characteristic of E-Commerce has made easy individuals life 
and also selling and buying through electronic reduces the 
error. The advantages of E- Commerce turning the normal 
business to hundred percent E-Businesses. There is no end of 
benefits in E-Commerce. 


B. Limitations 


There is a lack of system security, reliability, standards, and 
some communication protocols. There is insufficient telecom- 
munication bandwidth .The software development tools are 
still evolving and changing rapidly. It is difficult to integrate 
the Internet and EC software with some existing applications 
and databases. 

Vendors may need special Web servers and other infrastruc- 
tures, in addition to the network servers. Some EC software 
might not fit with some hardware, or may be incompatible 
with some operating systems or other components. 


VII. THREATS IN E-COMMERCE 


Threat means any potential for violation of security which 
exists when there is a circumstances or an event that malicious 
insiders reach the security and cause harm. E-Commerce tends 
to be at higher risks and threats. 

Threats are basically of two types-active and passive. The 
passive threat is to change the actual data for the transmission 
and send fraud data directly to the E- Commerce server which 
can be also called man in the middle code attack. And the 
active threat is to eavesdrop the transmission of data. 

Any secure e-commerce system must meet four integral 
requirements: 


1) Privacy: Information exchanged must be kept from 
unauthorized parties. 

2) Integrity: The exchanged information must not be 
altered or tampered with. 

3) Authentication: Both sender and recipient must prove 
their identities to each other. 

4) Non-repudiation: Proof is required that the exchanged 
information was indeed received. 


A. Malicious Code Attack 


Under this category most severe threats lies which are 
worms and viruses. Worms are very much different from 
viruses. Worms replicate itself through the internet. It just 
take matter of worm cause harm to the millions of computers 
globally. It cause harm to the resources of the computer. 
Viruses need a file to in which to attach itself to it. Viruses 
basically need a host file. It get attach with the code and cause 
harm while the program in running. It need some kind of 
host to cause attack. And as a result the loss of important 
files, resources take place. Viruses and worms are very much 
different from each other. But we cannot say which is more 
harmful. It depend on the business environment. 


B. Denial of Service Attack 


The denial of service attack basically comes under the 
Transmission attack. The server deals with enormous amount 
of data flow and so the server fail to realize the overflow of 
data and also the attack of fraud data. Denial of service intent 
to deny customer that is provided from the E-commerce server. 
The goal of a denial of service attack is to deny legal users 
access to a particular resource 


C. Technical Attacks 


Technical attacks are one of the most challenging types of 
security compromise an e commerce provider must face. Per- 
petrators of technical attacks, and in particular DenialofService 
attacks, typically target sites or services hosted on high profile 
web servers such as banks, credit card payment gateways, large 
online retailers and popular social networking sites. Technical 
attacks include Denial of Service (DoS), Distributed Denial of 
Service (DDoS) and Brute Force Attacks. 


1) Denial of Service Attacks: Denial of Service (DoS) 
attacks consist of overwhelming a server, a network or a 
website in order to paralyze its normal activity (Lejeune, 
2002). Defending against DoS attacks is one of the most 
challenging security problems on the Internet today. A 
major difficulty in thwarting these attacks is to trace 
the source of the attack, as they often use incorrect or 
spoofed IP source addresses to disguise the true origin of 
the attack DoS attacks can be executed in a number of 
different ways including: 


e ICMP Flood (Smurf Attack: ) 

e Teardrop Attack 

e Phlashing - Also known as a Permanent denial-of- 
service (PDoS) 


2) Distributed Denial-of-Service Attacks: Distributed 
Denial of Service (DDoS) attacks are the greatest se- 
curity fear for IT managers. In a matter of minutes, 
thousands of vulnerable computers can flood the vic- 
tim website by choking legitimate traffic (Tariq et al., 
2006). A distributed denial ofservice attack (DDoS) 
occurs when multiple compromised systems flood the 
bandwidth or resources of a targeted system, usually one 
or more web servers. The most famous DDoS attacks 
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occurred in February 2000 where websites including 
Yahoo, Buy.com, eBay, Amazon and CNN were attacked 
and left unreachable for several hours each. 

3) Brute Force Attacks: A brute force attack is a method 
of defeating a cryptographic scheme by trying a large 
number of possibilities 


D. Non-technical Attacks 


Non-technical attacks also are challenging to the security 
professional as they are difficult to detect and can involve 
human factors which are difficult by nature to correct. Non 
technical attacks include Phishing and Social Engineering. 


1) Phishing Attacks: Phishing is the criminally fraudulent 
process of attempting to acquire sensitive information 
such as usernames, passwords and credit card details, 
by masquerading as a trustworthy entity in an electronic 
communication. Phishing attacks generally target bank 
customers, online auction sites (such as eBay), online 
retailers (such as amazon) and services providers (such 
as PayPal). 

2) Social Engineering: Social engineering is the art of 
manipulating people into performing actions or divulging 
confidential information. Social engineering techniques 
include pretexting, Interactive voice recording (IVR) or 
phone phishing and baiting with Trojans horses. Social 
engineering has become a serious threat to e-commerce 
security since it is difficult to detect and to combat as it 
involves human factors . 


VIII. E-COMMERCE SECURITY AND APPLICATIONS 


The short comings of e-commerce is the security, hackers 
and non-trusted persons may make such type of commerce 
insecure and nontrusted so a good and an efficient security 
method are required. One of the effective tools for ensuring the 
safety of e- commerce transactions, Public Key Infrastructures 
(PKI) combines a digital signature and Certificate Authority 
(CA), which can be public or private-a business acting as its 
own CA is private while a public one offers its services to 
businesses and provides secure key management. 

Studies about E-commerce security focus on the data 
confidentiality issue. Although security mechanisms, such as 
Secure Socket Layer (SSL) or Secure Electronic Transaction 
(SET), have been adopted in websites, catastrophic events 
that confidential data in E-commerce are revealed happened 


more than once. The essential reason for this is that there 
exist potential security vulnerabilities in the E- commerce 
applications themselves. The origins of these vulnerabilities 
are mainly from the lack of reliable input validation that can 
prevent E-commerce application from attacks. SQL Injection, 
Cross-Site Scripting (XSS) and Price Changing Attack are 
mainly known security threats to E-Commerce applications. 
These attacks and the protecting ways by using XML vali- 
dation technology have been discussed and a framework that 
prevents E- Commerce applications from attacks. This study 
measures the effiecency of the different safety methods used 
in e-commerce. 
IX. CONCLUSION 


In conclusion the ecommerce industry faces a challenging 
future in terms of the security risks it must avert. With 
increasing technical knowledge, and its widespread availabil- 
ity on the internet, criminals are becoming more and more 
sophisticated in the deceptions and attacks they can perform. 
In saying this, there are multiple security strategies which 
any ecommerce provider can instigate to reduce the risk of 
attack and compromise significantly. Awareness of the risks 
and the implementation of multilayered security protocols, 
detailed and open privacy policies and strong authentication 
and encryption measures will go a long way to assure the 
consumer and insure the risk of compromise is kept minimal. 
In conclusion the challenges that E-Commerce industry face 
for the security issues can be minimized by the Implementation 
of various security protocol and practicing of encryption, 
authentication, and confidentiality. 
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Abstract—Deep learning techniques are applied in various 
sectors like stock market prediction, social media analysis and in 
bank sectors for finding fraud detection and credit analysis. Video 
analytic systems based on deep learning approaches are becoming 
the basis of many widespread applications including smart cities 
to aid people and traffic monitoring. These systems necessitate 
massive amounts of labeled data and training time to perform fine 
tuning of hyper-parameters for object classification. post perfor- 
mance prediction is conducted using Artificial Neural Networks 
(ANN) and Deep Neural Networks (DNN). This work uses deep 
learning methods for intra-day directional movements prediction 
of Standard and Poors 500 index using financial news titles and 
a set of technical indicators as input. Deep learning methods 
can detect and analyze complex patterns and interactions in 
the data automatically allowing speed up the trading process. 
This paper focus on architectures such as Convolutional Neural 
Networks (CNN) and Recurrent Neural Networks (RNN), Credit 
risk analysis is becoming an important field in financial risk 
management. Many credit risk analysis techniques are used for 
the evaluation of credit risk of the customer data set.. 

Index Terms—Post performance, deep neural network (DNN), 
artificial neural networks (ANN), recurrent neural networks 
(RNN), convolutional neural networks (CNN), ELM, decision 
tree. 


I. INTRODUCTION 


growing fields in artificial intelligence.it is an artificial 
intelligence function that imitates the working of the 
human brain in processing data and creating patterns for use in 
decision making. Deep learning is a subset of machine learning 
in artificial intelligence that has networks capable of learning 
unsupervised from data that is unstructured or unlabeled. 
Deep learning techniques are applied in various sectors like 
stock market prediction, social media analysis and in bank 
sectors for finding fraud detection and credit analysis. With the 
help of various methods in deep learning along with artificial 
intelligence. Stock market prediction is the most difficult task 
because of its volatile nature and are influence by many 
external factors. The intention of most investors is to maximize 
the profit. Artificial intelligence and the growth of available 
data have made it possible to predicting stock price behavior. 


De learning is one of the most influential and fastest 
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Traditional approaches use artificial intelligence with technical 
analysis and fundamental analysis. Technical analysis based 
on the historical price moment and behavior of a financial 
time series. Fundamental analysis is based on the external 
information and fast financial statement. Financial time series, 
news title textual data are the main input sources. 

Output of stock market predictions are obtained by the 
application of event embedding and technical indicators. Re- 
cently more computation capability and availability for han- 
dling massive database with use of machine learning models. 
Modern approaches using deep neural networks and event 
representation vectors from news headlines as input. Our 
prediction model consists of CNN (Convolutional neural net- 
work), RCNN (recurrent Convolutional neural network) and 
LSTM (long-short-term memory). All the above techniques are 
used for natural language processing and building a prediction 
model using either numerical or textual information as input. 

The studies yield better stock market prediction and to fore- 
cast intraday(daily-prediction) directional movement. Long- 
term-mid term event vectors are fed into CNN layers that 
produces feature maps which are concatenated with short term 
event vector and fed into hidden layers. Later the information 
is fed in to LSTM layer for analyzing temporal relationship. 
Outcomes from numerical and textual information are the 
combine and fed into final hidden layers to make prediction. 
RCNN uses set of seven technical indicator obtained from 
target series and financial news title published the day before 
prediction day. RCNN is a combination of CNN and RNN 
hence advantage from both models are inherited by RCNN. 

Social medias like Facebook place an important role in 
health care promotion and education. Compare to Traditional 
media like news paper, TV and radio, usage of Facebook 
is massively done for information decimation interactivity 
that enables both anonymity and social networking accords 
to personal preferences. Benefits of social media usage have 
produced better results that is up to 350 millions of photos 
where upload by individuals and ornamentation to Facebook 
per day and produced 4 millions like every minutes. Majority 
of the Facebook receives less user attention because well 
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resource company can afford by more exposure than smaller 
organization predicting the model which can help health care 
organization in terms of social media marketing strategy. Dif- 
ferent algorithm and models used to find the effective method 
to evaluate performance depends on the relevant attributes. 


Deep learning has an higher influential tool for predicting 
high accuracy and precision in computer vision related tasks. 
In the analysis of video stream data deep learning algorithm 
faces major challenges like availability of large amount of data 
tuning of hyper parameters and training time of deep network. 
Video analytic system is based on deep learning approaches 
which are the base for many widespread applications. In cloud 
based video analytic, deep learning model classifies objects 
from video streams. 


Different mathematical functions are used and we have 
varied the parameters to different values in between suitable 
ranges and most optimum values for finding the accuracy of 
the proposed system. The process is done in several steps. 
Object are extracts from video analytics system through object 
detection and are scaled to 150*150 pixels and are normalized 
before feeding into deep network. 


The CNN perform better with normalized data. Cloud 
computing paradigm is used for training the proposed video 
analytic system. The training process is further enhanced by 
utilizing iterative map-reduce framework instead of simple 
map-reduce. Enhance the training data-set by performing 
transformations including rotation ,flip and skew on it and 
scale the underlying infrastructure to perform feature learning 
mechanism from large amount of video data then we employee 
an in-memory distributed system to perform parallel training 
of the deep learning model. 


Fraud detection is the recognition of symptoms of fraud. 
Where no prior suspicion or tendency to fraud exists. For ex- 
ample, Include insurance fraud, credit card fraud and account- 
ing fraud. Technological innovations continuously emerge, 
enabling new risk- management techniques and helping the 
risk function make better risk decisions at lower cost. Big data, 
machine learning, and crowd sourcing illustrate the potential 
impact. Machine learning. This method improves the accuracy 
of risk models by identifying complex, nonlinear patterns in 
large data sets. Every bit of new information is used to increase 
the predictive power of the model. Some banks that have used 
models enhanced in this way have achieved promising early 
results. Since they cannot be traditionally validated, however, 
self- learning models may not be approved for the regulatory 
capital purposes. 

Banking industry has the major activity of lending money to 
those who are in need of money. Where credit card analysis is 
becoming an important field in risk management. The banking 
system evaluates the accuracy of the data sets in order to 
classify the loan applicants into good or bad classes. The 
applications which are in the good classes have the high 
probability of returning the money to the bank. The applicants 
are in bad classes have low probability of returning of the 
money to the bank. So, they are the defaulters of the loans. 


II. RELATED WORKS AND PREDICTION MODEL TO 
DETERMINE STOCK MARKET USING DIFFERENT NEURAL 
NETWORK SYSTEM 


Many attempts are done to predict the stock market price. 
Depending on the neural network model and input, the predic- 
tion get varied. Based on the previous studies it can be split 
in to two main processes: 


e Deep learning with textual information 
Traditional approaches like bags of words were not 
applicable to represents semantic of news headlines.E- 
R information were not retrieved properly. Using open 
information (Open IE) structured events was extracted 
from news headlines and contents(Ding.et .al framework 
in 2014) and are fed into neural network to predict stock 
later they are fed in to LSTM to forecast the stock 
prizes. The result produced better than using a single 
information.k market and later event embedding approach 
was used. 

e Deep learning with both textual and numerical infor- 
mation 
Deep learning approach was used to analyze both type 
of information. Accord to Akita et.al (in 2016) with the 
help of paragraph vector approach news headlines were 
converted and then they are merged with the prize vectors. 


A. Proposed framework model 
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Fig. 1. Deep learning with both textual and numerical information 


The process are done in step by step processes: 
e Pre-processing 
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where C, is the closing price at day t, H, is the highest price at day t, Lẹ is 
the lowest price at day t, MA, is moving average of the past n days, and 
H H, and L |, are the highest high and the lowest low in the past n days, 


respectively. 


Fig. 2. Formulas 


Preprocessing is done in several steps. 
1) Technical indicators 
By using seven technical indicators and historical price 
data a new feature is computed (see Figure 2). 
2) Normalization 
Since the indicators has different range of values this 
technique is used to standardize the input vectors. 
y= 
z= 7E, 
o 


B. Event representation and event embedding 


Event representation is used to extract event representation 
from new papers using open IE.this transforms the news 
headlines in to three tuples (Actor, Action, Object). 

For example Microsoft agrees to buy Nokias mobile phone 
business for 7.2 billion doller.here actor= Microsoft ac- 
tion=buy and object=Nokias mobile phone.in event embedding 
the process creates an event vector by feeding into actor action 
and object vectors.by this method news headlines with similar 
evens are categorized in to similar event vectors. 


C. Proposed model 


It is advanced form of Dings model by adding numerical 
data as input to improve the prediction model. The first part 
consist of average event embedding vector is extracted from 
daily news headlines.event vectors are separated into three 
parts.long term events (30days),midterm events (7 days) short 
term events (1 day). 

Long term and mid term are fed into CNN pooling to extract 
feature maps.the feature maps from both long and mid term 
events are concatenated with short terms events and then they 
are fed into the hidden layers. 

Output from hidden layers are then connected with the two 
perceptrons (softmax activation function).output from softmax 
function is the prediction based on event vectors. 

The second part consist of numerical input as vector(30 
days of seven indicator).this vector is fed in to LSTM and 
the output from LSTM is fed into hidden layers which are 


connected to two perceptrons(softmax activation function).the 
output of softmax is based on technical indicators. 

Finally all the outputs are concatenated and then fed in 
to final hidden layer to predict the upcoming days stock 
market movement.this output is in the form of binary +1 
represents stock price will increase -1 represents stock price 
will decrease. 
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Fig. 3. Proposed model 


For forecasting the intra-day directional movement we 
widely use the RCNN model in financial series by using 
financial news articles and technical indicators as input.and 
the model is named as SI RCNN. The model are comprised of 
four stages namely input layer, convolutional layer, recurrent 
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layer and output layer. 
1) Input layer 
This layer consists of two inputs technical indicator and 
sequence of news titles namely technical indicator layer 
and embedding layer.technical layer consists of sequence 
of seven technical indicators in chronological order and 
embedding layer consists of set of titles from news 
headlines from day t which are organized in chronological 
order. 


Output layer 
Class 1 Class 2 


j 


h li / 


Technical indicator layer 


Fig. 4. Different layers 


2) Convolutional layer 
This layer consist of four operations that are done con- 
secutively.convolution,sub sampling or pooling,activation 
and drop out.this methods are used to get local infor- 
mation with a combination of sentence vector. The layer 
also uses a technique called max pooling function that 
are used to retrieve most important information in the 
sequence. 

3) Recurrent layer 
Two separate recurrent layers are used one from the 
Convolutional layer and second from the technical indi- 
cator layer. A special RNN known as LSTM is used for 
introducing new structured called memory cell. This type 
of structure is used in order to prevent vanishing gradient 
problem. 

4) Output layer 
This output layer is connected with softmax activation 
function are used to predict the daily price movements. 
The output will be in the form of binary labels in 
which[1,0] implies stock prize will increase and [0,1] 
implies stock prize will decrease. CNN And LSTM are 
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Fig. 5. Different stages 


used to forecast the stock market prediction for a given 
period of time with the usage of event embedding and 
technical indicator mechanism where as advanced version 
of CNN named as RCNN is used to predict the stock price 
movement on daily basis or called as intraday prediction. 


II. POST-PREDICTION USING DNN 


Deep learning is social media data from YouTube or known 
data sets with images such as MINST (handwritten digits). 
Extant literature suggests that the combination of the right 
model and high computational power 

In the case of social media post based health care prediction 
which done by the following steps: 


1) Data from 153 public Facebook walls of various public 
health organizations was collected using Social Data 
Analytic Tool (SODATO). 

2) The is preprocessed and visualization and transformation 
is done. 

3) Clustering is done with use of K-Means, that is by 
performance measures. 

4) Then the cluster is validated. 

5) Then apply the classification algorithms ANN and DNN 
to predict the accuracy. 


As a result, ANN prediction with quantitative data men- 
tioned much lower accuracy than results achieved in this 
methodology. Our findings show that very deep neural net- 
works do not contribute to higher accuracy results and are 
quite time consuming in terms of the processing power with 
health care data set from Facebook. Video analytics have been 
a major area of research from last few decades. A number 
of tools and techniques have been developed to overcome 
challenges for analyzing video stream data. These challenges 
include high accuracy, precision and execution time of the 
system. Deep learning has emerged recently as an influential 
tool to achieve high accuracy and precision in computer vision 
related tasks. 


IV. RELATED WORK 


Most of the successful video analytics systems developed 
in the recent past employ shallow networks from the machine 
learning domain to perform object classification. These shal- 
low networks are made to use hand crafted features These 
features were normally obtained from small local patches 
of subsequent video frames and then aggregated to pro- 
duce global features for appearance and motion information. 
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Fig. 6. Outline of process 


This phenomenon tends to produce high dimensional feature 
vectors which made them incapable for large scale video 
processing. Also, these systems were not very successful with 
the video streams captured under uncontrolled environmental 
conditions and resulted in a drop of accuracy and precision. 
Convolutional neural network based video analytics systems 
proved to be successful as compared to shallow networks 
recently. 


V. VIDEO ANALYSIS MODEL 


We present the approach of our video analytics system 
in this section and formulate its mathematical model. The 
modeling is performed from the pre-processing stage to final 
classification which becomes the basis of our scalable and 
robust video analytics system. Figure 1 shows the work flow 
of our proposed system. It works on decoded video streams 
and at the very first step it decodes the encoded video frames 
into individual frames. The number of generated video frames 
depends on the length of input video stream. The further 
analysis for object classification is then executed on individual 
video frames. 

The decoded video frames data set in our system is rep- 
resented as; Training set X = (x1, x2,. . xn) where x1, x2,. 

., Xn represent the decoded frames from the video streams 
Each decoded frame of the video stream is converted to gray 
scale from RGB. This helps to reduce the number of channels 
from three to one as gray scale video frame consists of only 
one channel. It reduces the processing time without having an 
effect on the accuracy of the system. The gray scale converted 
frames undergo an object detection phase in which a bounding 
box is created around the area of detection of the desired 
object, i.e, a face in our system. 

After detection, the detected area is cropped around the 
area of detection to extract the desired object from the video 
frame. This narrows down the frame processing area for object 
classification phase. We denote the extracted object patch 
by ER(x;b) where x denote the crop of frame x i by the 
bounding box bi. The extracted objects from the video frames 
are scale data size of 150*150 pixels and normalized before 
feeding them into the deep neural network. The normalization 
is performed to have the pixel values between the range of 
0 to 1.The Convolutional neural network can perform better 
with the normalized data. 


The extracted normalized objects are scaled to fixed sizes 
w * h which are the inputs to Convolutional neural network. 
The labeled training data used in our system is scarce and 
in order to enhance it for optimal performance, we executed 
transformations on the input data set including translation, 
skew, rotation flip and different level so contrast variations. 
The additional training data by using transformations increases 
the accuracy of the classifier. These transformations are gener- 
ated by applying a fine displacement fields to video frames.The 
Convolutional neural network is then trained to classify and 
discriminate among the generated classes. 


VI. SYSTEM IMPLEMENTATION 


The implementation phase consists of pre-processing, train- 
ing and classification steps. The preprocessing initiates by 
decoding the video streams into individual frames. The number 
of generated video frames depends on the length of video 
stream being decoded. The decoded video frames are con- 
verted to gray scale which reduces the number of channels 
from three to one. The gray scale video frames take much 
less processing time and edges and contours of an object in 
a video frame are easily detectable in them. We have used 
haar cascade classifier to detect objects of interest from the 
video frames. The video frames are cropped around the area 
of detection to extract detected objects. The extracted objects 
from the video frames are stored in a multidimensional data 
structure provided by an open-source library named as nd4j. 
An n dimensional array (so called tensors) is created to store 
the pixel values of video frames. We have defined a data set 
iterator which has the capability to iterate over the data which 
is loaded into the memory. The iterator helps to read the data 
in a vectorized format which is required for the training of 
the network. The data set iterator iterates over the data set 
objects which contain features as well as the labels for the 
video frames. 


VII. FRAUD DETECTION AND CREDIT RISK ANALYSIS IN 
BANKING 


Fraud detection is the recognition of symptoms of fraud. 
Where no prior suspicion or tendency to fraud exists. For ex- 
ample, Include insurance fraud, credit card fraud and account- 
ing fraud. Technological innovations continuously emerge, 
enabling new risk-management techniques and helping the risk 
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function make better risk decisions at a lower cost. Banking 
industry has the major activity of lending money to those who 
are in need of money. Where credit card analysis is becoming 
an important field in risk management. The banking system 
evaluates the accuracy of the data sets in order to classify 
the loan applicants into good or bad classes. The applications 
which are in the good classes have the high probability of 
returning the money to the bank. The applicants are in bad 
classes have low probability of returning the money to the 
bank. So, they are the defaulters of the loans. 


A. Theory of deep Reinforcement learning 


Fraud detection the theory of Deep Reinforcement Learning 
(DRL) is used. DRL can be deal efficiently with the curse of 
dimensionality unlike tabular and traditional non parametric 
method.In value-based reinforcement learning we have a con- 
troller (agent) and a system (environment) to be controlled. 
At a discrete time t, the controller emit a control signal, often 
called an action a , based on the system is state xt.That is 
defined as 


co 


R, ar ro 


s=0 


2 3 
ret V't+1 Hy Tt42 + > Tt43 F esmas 


Partially Observable MDP 

Partially observable MDP (POMDP) is a problem of ob- 
taining the optimal policy in such a partially observable 
environment. Some policy-based methods which incorporate 
value learning have been proposed which result in both stable 
and efficient learning.Policy-based Reinforcement Learning 
Some policy-based methods, which incorporate value learning 
have been proposed which result in both stable and efficient 
learning. Policy- gradient Actor-critic Learning In this section, 
an elegant policy gradient learning method, policy- gradient 
actor-critic learning, is introduced. 


B. Credit card risk analysis methodology 


Different types of techniques are used for the evaluation of 
credit data sets for the better and reliable credit risk analysis. 
In this literature survey we have discussed different approaches 
to the credit risk analysis. 


1) Decision tree 
Decision tree is a predictive model which maps the 
observation about an item represented in branches to 
conclusion about a target value represented in leaf. Each 
internal node or non-leaf node is labeled with an input 
feature. Each leaf node is labeled with a class. The 
branches tell the possible value that these attributes can 
have in the observed samples, the terminal nodes are the 
final value of the dependent variables. 

2) Extream learning machine(ELM) 
ELM is developed by Huang is developed for general- 
ized single hidden layer feed forward networks. ELM 
randomly select the hidden node parameter after which 
the network can represents as a linear system and output 
weights can be computed analytically. ELM tends to 
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Fig. 7. Artificial Neural Networks 


obtain a smallest training error and the smallest norm 
of weights that leads to good generalization. ELM is 
very fast in learning and provides good generalization 
performance on many artificial and real large applications 
ELM is a novel training algorithm for a single layer feed 
forward network and is very effective and efficient. 
Multilayer perceptrons 

It contains input layer, output layer and one or more hid- 
den layer between them. All the layers are fully connected 
to each other. The processing element of each layer except 
the input layer is called the nodes which behave like 
a neuron. Each node in the one layer connected with 
another node connected with a certain weight in the next 
layer. There are multiple layers of neurons with nonlinear 
activation function. These layers allow the network to 
learn the relationship between input and output vectors. 
Artificial neural networks 

Artificial neural network is constituted of a group of 
neural networks that connect with a weighted node. Every 
node can replicate a neuron of creatures and the synaptic 
that connects among the neuron is equal to connection 
among these nodes. The neural network consists of three 
layers that is input layer, hidden layer and output layer 
and it is called multilayer perceptron. In the MLP the 
network of layers connected as a layer of input units 
connected to a layer of hidden units which are then 
connected to a layer of output unit as shown in below. 
Ensemble the classifier 

An Ensemble of classifier involves a group of base 
classifiers which are trained individually. To ensemble 
a classifier the decision is taken by base classifiers. 
The jointly decision for classification of new and un- 
seen instances is taken by voting. The voting may be 
weighted or non-weighted. To ensemble the classifier the 
base classifiers are combined in a way so that higher 
performance is achieved in combined classifier than the 
alone one classifier. Some researchers have shown that 
by using the aggregating approach the classifiers can 
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easily achieve improved accuracy on aggregation of the 
individual classifier in classification application as well 
as credit evaluation. To ensemble a classifier the decision 
is taken by base classifiers various different approaches 
of aggregation used for enhance the accuracy of classifier 
they are Bagging and Boosting. 
a) Bagging: 
In bagging mostly similar kind of classifier are chosen 
as base classifier. Using bagging approach one can 
produce different decision structures by having the 
different training set of having the same size and that 
is done by sampling the training set with replacement. 
b) Boosting 
Boosting creates an ensemble of classifier by sampling 
again the training data set which then combined by 
cost function or majority vote. 


6) Data set used 

Mostly two credit data sets such as German credit and 
Australian credit data set are used for the performance of 
machine learning algorithms and also used for ensemble 
learning. These two data-sets are collected from the UCI 
machinery repository. There are two classes in the data 
set which is the good and bad reflection of the creditors 
to whom loan is approved and not approved. 


TABLE I 
DATASETS 
Data set Attributes | Instances | Classes 
Australian 14 690 2 
German 20 1000 2 


7) Result and discussion 

The performance of these classifiers evaluates using the 
two-credit risk data set which is widely used i.e. German 
and Australian data sets. Many more data sets are used 
for the classifier evaluation. Most of the evaluation is 
carried out in MATLAB software environment. Many- 
survey paper shows result that the ELM classifier gives 
better accuracy and is faster than any other classifiers. We 
have analyzed and compare their accuracy using different 
types classifiers and from comparison table we found that 
the ELM classifier gives better accuracy compare to other 
classifiers that is ELM gives 96.33(%) in German and 
96.32(%) in Australian data set. 


VIII. CONCLUSION 


Stock market prediction can be done by using the methods 
and various techniques of deep learning like with event em- 
bedding vectors and technical indicators along with the help 
of inputting financial series. The model consist of CNN LSTM 
and RCNN. An average prediction can be done by using the 
methods given former.For intra day stock price movement the 
method of Convolutional layer along with reccurent layer is 
used. 

Cloud based video analysis can be don with the help of 
deep learning method.the process are done different stages 


TABLE II 

COMPARISON OF DATASETS 
Algorithm Data set Accuracy 
Bayesian classifier | German Australian | 77.10 86.96 
Naive-Bayes German Australian | 77.20 78.26 
Decision tree German Australian | 85.50 90.72 
KNN German Australian | 72.20 89.10 
K-means German Australian | 79.20 80.40 
MLP German Australian | 73.00 86.95 
ELM German Australian | 96.33 96.32 
SVM German Australian | 78.40 85.94 
ANN German Australian | 77.45 82.56 


which consists of object classification from video streams 
and also contains its own training set for performing various 
transformation. Several factors contributed to achieve high 
accuracy such as optimal selection of learning rate, regular- 
ization, normalization and optimization algorithms. The design 
of multi-layer network including number of layers and their 
parameters also played a major role in achieving high accuracy 
in the system. 

While dealing with banks, the customers and the banks have 
the chances of falling an easy prey to the frauds. So, both the 
parties wish to be secure while dealing with each other. The 
data mining techniques can help them to detect and prevent 
frauds. The data mining techniques will help the organization 
to focus on the ways and means of analyzing the customer 
data in order to identify the patterns that can lead to frauds. 
The most intriguing point of Deep Reinforcement Learning 
(DRL), regardless of whether it is model-free or model-based, 
is to realize prediction of future reward in terms of Bellman- 
like self-consistent equations. The theory of DRL will thus 
grow by incorporating concepts and knowledge from various 
research fields, such as machine learning, control theory and 
fraud detection in banking. This paper opens the doors for 
further research in the credit risk using the machine learning 
classifier and the ELM classifier will also evaluates the noisily 
data set and will compare with the advanced classifier which 
are also introduced in the financial field. 
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Machine Learning Techniques and Mail Rank 
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Abstract—Social networks are recognized as popular commu- 
nication channel but in this one of the problems is spam messages. 
Spam messages can contain malware in the form of the executable 
file and the link to the malicious websites or the links which 
do not exist. Through this paper we present a comprehensive 
review of the most effective e-mail spam detection techniques. 
We have analyzed two different approaches: Machine Learning 
approach and Mail Ranking Approach. This paper doesnt intend 
to glorify any one of the approach instead discuss the pros and 
cons associated with both approaches. 

Index Terms—Spam, ham, Bayesian classifier, naive Bayes, 
support vector machine, NB-SVM, spam filtering technique, mail 
rank. 


I. INTRODUCTION 


method of exchanging messages over the internet. 

Whether it’s a personnel message from a family mem- 
ber or a company-wide message, around the world email 
is a preferred means for communication. But the increased 
dependence on e-mail has induced the emergence of many 
problems caused by “illegitimate” e-mails i.e. spam. A spam 
is an irrelevant or unsolicited message sent over the Internet, 
typically to a large number of users, for advertising, phishing, 
spreading malware, etc. Spam e-mails are unsolicited and un- 
ratified and usually, mass-mailed. 

Spam being a carrier of malware causes the proliferation 
of unsolicited advertisements, fraud schemes, phishing mes- 
sages, explicit content, promotions of a cause, etc. On an 
organizational front, spam effects include: (i) annoyance to 
individual users, (ii) less reliable e-mails, (iii) loss of work 
productivity, (iv) misuse of network bandwidth, (v) wastage of 
file server storage space and computational power, (vi) spread 
of viruses, worms, and Trojan horses, (vii) financial losses 
through phishing, (viii) denial of service (DoS), (ix) directory 
harvesting attacks, etc. 

Over a couple of decades, e-mail spam volume has increased 
exponentially and is not just an annoyance but a security threat. 


JE pero ot erra is a fast, effective and inexpensive 
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II. E-MAIL AND SPAM FILTERS 


When an e-mail is sent, it enters into the messaging system 
and is routed from one server to another till it reaches the 
recipients’? mailbox. E-mail depends on few primary protocols: 
SMTP (Simple Mail Transfer Protocol), POP3 (Post Office 
Protocol) and IMAP (Internet Message Access Protocol). The 
transmission details are specified by the SMTP protocol. POP3 
and IMAP are the most widely implemented protocols for the 
Mail User Agent (MUA) and are used to receive messages. A 
Message Transfer Agent (MTA) receives mails from a sender 
MUA or some other MTA and then determines the appropriate 
route for the mail. The recipients MTA delivers the incoming 
mail to the incoming mail server Mail Delivery Agent (MDA) 
which is basically a POP/IMAP server. MUAs (e.g. Mozilla 
Thunderbird, Microsoft Outlook, etc.) are email clients and 
help the user to read and write e-mails. 

Spam filters can be deployed at strategic places in both 
clients and servers. Many Internet Service Providers (ISPs) 
and organizations deploy spam filters at the email server level, 
the preferred places to deploy being at the gateways, mail 
routers, etc. They can be deployed in clients, where they can 
be installed at proxies or as plug-ins, as in. Some spam filters, 
(e.g. SpamBayes) can be deployed at both server and client 
levels. 


HI. SPAM EVOLUTION 


A couple of decades earlier spam e-mail content was mainly 
textual. Therefore, spam filters analyzed only the e-mail body 
and header to distinguish ham (legitimate e-mails) from spam 
e-mails. Today, however, amateur advertisers and opportunists 
harness addresses from chat rooms, web pages, newsgroup 
archives, service provider directories, etc and send junk e-mail 
blindly to millions without much cost. To deliver spam email 
to a huge number of recipients, spammers often resort to use 
of bulk mailing software or e-mail harvesters. One reason why 
spam is difficult to filter is because of its dynamic nature. The 
characteristics (e.g. topics, frequent terms, etc) of spam e-mail 
vary rapidly over time as spammers always seek to invent new 
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strategies to bypass spam filters. A proper understanding of the 
spam nature and evolution can help much in the development 
of proper countermeasures. Some of the evasion techniques 
and major trends in spam are given below: 


e Word obfuscation 

e Bayesian poisoning attack 
e Backscatter spam 

e Image spam 

e Phishing 


IV. MACHINE LEARNING APPROACH TO E-MAIL SPAM 
DETECTION 


Spam filtering is a binary classification task, in which 
legitimate (good or ham) e-mails are treated as negative (- 
) instances, and spam as positive (+) instances. Automatic 
e-mail classification uses statistical approaches or machine 
learning techniques and aims at building a model or a classifier 
specifically for the task of filtering spam from a users mail 
stream. Some of the most popular Machine Learning tech- 
niques to counter spam filtering are Naive Bayes, Support 
Vector Machines, Decision Trees, etc. The building of the 
model or classifier requires a set of pre-classified documents 
(training set or an initial corpus). The process of building the 
model is called training. 


A. Bayesian Classifier 


Naive Bayes classifier is the popular statistical classifier 
known for email filtering, It uses the text classification method 
for identifying spam mails. Naive Bayes uses tokens (words) 
with spam and ham emails for calculating probability to 
determine whether a mail is spam or not. 

Several evaluation criteria are used to classify a mail as 
a spam. As we formulate the spam detection problem as 
a Bayesian classification problem, each mail undergo one 
of four possible scenarios. Though Error rate (fraction of 
wrongly classified Instances ) may be of limited interest in 
our context where data sets are unbalanced. Additionally, we 
report standard measures such as precision, recall, and error. 

The existing system mainly works on main headers like 
the subject, body of mail and mailing address but we are 
dealing with only the body of mail which is estimated based 
on content. Content-based filter checks for information in the 
body of mail by considering subjects, VRLs for acceptance, 
rejection, and classification of mail by considering content to 
spam and legitimate mail. 

1) Training: We are using mail dataset collected from 
Gmail which consists of spam mail and legitimate mail. 
These mails are considered as input in HTML format for 
preprocessing. 

2) Preprocessing: The following are some of the com- 
monly used preprocesing processes . 


e Html Tag Removal 
The input Emails are in HTML format so this contains 
the tag, so to filter the text we need to remove the tags. 
e Stopword Removal 


Preprocessing : 


aHTML Tag Removal 
>> Bavesian Classifier 


ee | 


as b)Scopweed Removal 
Training Dataset = 


c)Tokesizatios 


Word Frequeacy : i 
Testing Dataset 


Fig. 1. Content based spam detection e-mail using Bayesian Classifier 


which is the stopword list consists of terms includ- 
ing prepositions, articles, conjunctions and certain high- 
frequency words (such as some verbs, adverbs). 

e Tokenization 
Lexical analysis also named as tokenizing, also involves 
dividing the content of text into strings of character 
called as tokens. Filtering techniques uses white space 
(blank) removal and removal of punctuation symbols in 
tokenizing. 

e Word Frequency 
This counts the frequency of words depending on its 
occurrence, It helps in deriving the word probability for 
spam and legitimate mails. 


3) Bayesian Classifier: It is method used for text clas- 
sification, which gives efficient learning algorithm for data 
mining. This uses Bayes classifier theorem which is based 
on conditional independence assumption: 


P (spam|word) = [P (word|spam) P (spam)] / P (word) 


Considering spam probability for words, it evaluates spam 
and legitimate mails for classification then gives performance 
measurement. 

4) Testing Dataset: This is derived from Gmail consisting 
of spam and legitimate mails. It also needs to be preprocessed 
to give pure text then classification is done by using Bayesian 
classifier. Then correctly classified instances (mails) and in- 
correctly classified instances (mails) are evaluated. 

5) Performance Measurement: It is essential to derive per- 
formance on the basis of some parameters such as accuracy, 
error, precision and recall are evaluated. 

We have emphasized Bayesian approach for classifying 
Spam and legitimate mails using supervised learning across 
features extracted. Applying the Bayesian classifier, we experi- 
mentally demonstrated that spam mails can be detected with an 
accuracy of more than 96.46% with respect to real world gmail 
data sets. The mail dataset once trained, effectively detect 
a potentially spam mails and thus help internet users from 
avoiding those spam. As future work, We will integrate these 
content based spam detection system with malicious URL 
detection to improve the accuracy of the system for detecting 
spam mails and malicious URLs. 
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B. Support Vector (SVM) 


Support vector machine is an algorithm to classify the 
dataset by the feature vector into two classes. In SVM spam 
filter the email is classified into spam email and ham email 
by using SVM algorithms. SVM have greater accuracy due 
to high precision and recall rate, but it has low classification 
speed and require large dataset to train the system. 

In SVM filter it requires a labeled dataset which is label 
as spam and ham. This dataset is the filter and then all 
the messages are separated into a number of tokens. Token 
code is allocated to each token. For each word calculate the 
appearance frequency. Along with the feature make a feature 
vector with token code and appearance frequency. 


(X1; Y1), (X2; Y2), ..., (Xn; Yn) 


where Xi is a vector with a numeric value as the number of 
times token occurs in the message. Yi (+1, -1) which define 
two classes, +1 = Spam, -1 = Ham. Along with the feature 
vector, SVM constructs a hyper plane by plotting a vector 
point. 


Fig. 2. Hyper plane 


SVM Algorithm: Process for classifying whether an e-mail 
is a spam or ham. 


1) Filter the data 

2) Separate all messages into tokens 

3) Make a vector with the token code and its appearance 
frequency. 

4) Construct the hyper plane:- class +1 for spam class -1 for 
ham. 


C. NB-SVM 


NB-SVM algorithm is used to detect spam emails. NB- 
SVM is a hybrid spam filtering algorithm which requires the 
advantages of both NB and SVM. Naive Bayes (NB) algorithm 
is having fast classification and also requires small dataset 
but it has low accuracy and support vector machine (SVM) 
algorithm having high accuracy. SVM algorithm is capable to 
find out a perfect hyper plane which divides training samples 
into two categories. SVM increases accuracy and NB increases 
speed, because of this we implement an innovative hybrid NB- 
SVM algorithm to increase the performance of spam detection. 


Data feature 
Collection Eitrachon 
Classified Draw 

Data Hyperplane 


Fig. 3. SVM Architecture 


In the NB-SVM algorithm, the dataset is divided into training 
set and testing set. Training data is first processed by NB 
algorithm in which it calculates the probability for each word 
in message in the dataset and compares it with a threshold 
value which classifies the data.The data processed by NB is 
going to SVM to improve accuracy by calculating the feature 
vector, it draws the hyper plane along with this vectors and 
classifies the data. 

NB-SVM Algorithm: Divide the labeled dataset into training 
data and testing data. 


1) Training phase 
Input: 80% of data 
a) Filtration: 
i) Remove insignificant words. 
ii) Remove words having a length more than 3. 
iii) Remove case sensitivity that converts all letter in 
lower case. 


b) NB based training 
Input: filter dataset 


i) Calculate the spam probability for each word in the 
message. 

ii) Then calculate the composite probability for each 
message 

iii) Compare composite probability with a threshold 
value 0.5. 

iv) If the composite probability is less than 0.5 then: 
the message is ham. Otherwise, spam. 


c) SVM based training 
Input:NB classified dataset 


i) Separate each word into tokens. 

ii) Each token is given a token code. 

iii) Make vector with token code and appearances time 
of the word in a message i.e. (xi,yi), ..., (xn,yn) 
where xi is a vector and yi is either +1 or -1. y= 
+1, define class 1 having label spam and y= -1, 
define class -1 having label ham. 

iv) Construct the hyper plane along with the vector and 
plot the vector point and draw the hyperplane line 
as more point should closer to the line. 
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v) Classify data as spam or ham. 


2) Testing phase: 
Input: 20% of the dataset 
a) Filtration: 
i) Remove insignificant words. 

ii) Remove words having a length more than 3. 

iii) Remove case sensitivity that converts all letter in 
lower case. 

b) NB based training: 
Input:filter dataset 
i) Calculate the spam probability for each word in the 
message. 

ii) Then calculate the composite probability for each 
message 

iii) Compare composite probability with a threshold 
value 0.5. 

iv) If the composite probability is less than 0.5 then: 
the message is ham. Otherwise,spam 

c) SVM based training: 

Input: NB classified dataset. 

i) Separate each word into tokens. 

ii) Each token is given a token code. 

iii) Make vector with token code and appearances time 
of the word in a message i.e. (x1, yl), ...,(xn, yn) 
where xi is a vector and yi is either +1 or -1. y= +1, 
define class 1 having label spam and y= -1,define 
class -1 having label ham. 

iv) Construct the hyper plane along with the vector and 
plot the vector point and draw the hyperplane line 
as more point should closer to the line. 

v) Classify data as spam or ham. 


Data Colection > Text Clarification,..w Filtered Dataset 


r 


NB Based Training 


+ 


NB Classified Dataset 


’ 


Prediction Matrix - SVM Based Training 


LA 


Classification 


Fig. 4. NB-SVM Architectuere 


V. SPAM DETECTION USING MAILRANK 


Currently, spam emails already outnumber non-spam ones, 
so-called ham emails. Existing spam filters still exhibit some 
problems, which can be classified in two main categories: 

1) Maintenance, for both the initialization and the adaptation 
of the filter during operation, since all spam filters rely 
on a certain amount of input data to be maintained: 
Content-based filters require keywords and rules for spam 
recognition, blacklists have to be populated with IP ad- 
dresses from known spammers, and Bayesian filters need 
a training set of spam / ham messages. This input data 
has to be created when the filter is used first (the cold- 
start problem), and it also has to be adapted continuously 
to counter attacks of spammers. 

2) Residual error rates, since current spam filters cannot 
eliminate the spam problem completely. First, a non- 
negligible number of spam emails still reaches the end 
user, so-called false negatives. Second, some ham mes- 
sages are discarded because the anti-spam system con- 
siders them as spam. Such false positives are especially 
annoying if the sender of the email is from the recipients 
community and thus already known to the user, or at 
least known by somebody else the user knows directly. 
Therefore, there is a high probability that an email 
received from somebody within the social network of 
the receiver is a ham message. This implies that a social 
network formed by email communication can be used as 
a strong foundation for spam detection. 

Even if there exists a perfect anti-spam system, an additional 
problem would arise for high-volume email users, some of 
which simply get too many ham emails. In these cases, 
an automated support for email ranking would be highly 
desirable. 

MailRank is a new approach to ranking and classifying 
emails according to the address of email senders. The central 
procedure is to collect data about trusted email addresses from 
different sources and to create a graph for the social network, 
derived from each users communication circle. 


A. Mail Rank 


In order to compute a rank for each email address, MailRank 
collects data about the social networks derived from email 
communication of all MailRank users and aggregates them 
into a single email network. 

The above figure depicts an example email network graph. 
Node U1 represents the email address of U1, node U2 the 
email address of U2, and so on. U1 has sent emails to U2, 
U4, and U3; U2 has sent emails to U1 and U4, etc. These 
communication acts are then interpreted as trust votes, e.g., 
from U1 towards U2, U4 and U3, and depicted in the figure 
using arrows. 

Building upon the email network graph, we can use a power 
iteration algorithm to compute a score for each email address. 
This can subsequently be used for at least two purposes, 
namely: (1) Classification into spam and ham emails, and (2) 
build up a ranking among the remaining ham emails. 
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Fig. 5. Sample e-mail network 


The computation includes the email addresses of all voters 
(i.e. the “actively participating” MailRank users) and the email 
addresses specified in the votes. Therefore, it is not necessary 
that all email users participate in MailRank to benefit from it: 
For example, U3 does not specify any vote but still receives 
a vote from U1 and will, thus, achieve some score (if U1 is 
not a spammer itself). 


B. Basic Mail Rank 


The main goal of MailRank is to assign a rank to each email 
address known to the system and to use this rank (1) to decide 
whether each email is coming from a spammer or not, and (2) 
to build up a ranking among the filtered non-spam emails. Its 
basic version comprises two main steps: 


1) Determine a set of email addresses with a very high 
reputation in the social network. 

2) Apply the power iteration algorithm to the email network 
graph, biased on the above determined set to compute the 
final MailRank score for each email address. 


Regarding the attack resilience, it is important for the 
biasing set not to include any spammer. This is a very efficient 
way to counter malicious collectives of spammers trying to 
attack the ranking system. 

We first determine the size p of the biasing set by adding the 
ranks of the R nodes with the highest rank such that the sum 
of the ranks of these R nodes is equal to 20% of the total rank 
in the system. Also, we additionally limit p to the minimum 
of R and 0.25% of the total number of email addresses in the 
graph7. In this manner we limit the biasing set to the few most 
reputable members of the social network. 

The result of the overall MailRank algorithm, the final 
vector of MailRank scores, can be used to tag an incoming 
email on the email proxy as (1) non-spammer, if the final 
score of the sender email address is larger than a threshold T, 
(2) spammer, if the final score of the sender email address is 
smaller than T, or (3) unknown, if the email address is not yet 
known to the system. 


C. Mail Rank Architecture 


MailRank is composed of a server, which collects all user 
votes and delivers a score for any known email address, and 


an email proxy on the client side, which interacts with the 
MailRank server. 

The MailRank Server collects the input data (1.e., the votes) 
from all MailRank users to run the MailRank algorithm. The 
votes are assigned with a lifetime for (1) Identifying and 
deleting email addresses which havent been used for a long 
time, and (2) Detecting spammers which behave good for 
some time to get a high rank and start to send spam emails 
afterwards. 

The MailRank Proxy resides between users email client and 
her regular local email server. It performs two tasks: When 
receiving an outgoing email, it first extracts the users votes 
from the available input data (e.g., by listening to ongoing 
email activities or by analyzing existing sent-mail folders). 
Then, it sends the votes to the MailRank server and forwards 
the email to the local email server. 


D. Mail Rank Under Spammer Attack 


By definition, spammers send the same / very similar mes- 
sage to very many (typically millions of) recipients. However, 
they can run two different strategies to choose the sender 
address: First, they use a new (random) email address for 
each spam message even if they send the same message 
to millions of recipients. In this manner, they are trying to 
circumvent blacklists of email addresses. Furthermore, they 
use these addresses only for sending spam emails to non- 
spammers. Second, they use email addresses from well-known 
non-spammers (forging of sender address) assuming that these 
addresses are in the whitelists of many spam detection tools. 

As soon as the MailRank service becomes widespread, 
spammers will surely try to attack it in order to increase the 
rank of their own address(es). For example, spammers could 
issue votes from one or several spammer addresses to one 
or several non-spammer addresses. However, the algorithm 
ensures that it is not possible to change your own score by the 
votes you are issuing towards others. Therefore, such attacks 
are only reasonable if the spammers vote for another spammer 
address to increase its rank forming a malicious collective. 

Another possible attack is to make non-spammers vote for 
spammers. To counter incidental votes for spammers (e.g., 
because of a misconfigured vacation daemon), an additional 
confirmation process could be required if a vote for one par- 
ticular email address would move that address from spammer 
to non-spammer. However, spammers could still pay non- 
spammers to send spam on their behalf. Such an attack can be 
successful initially, but the rank of the non-spammer addresses 
will decrease after some time to those of spammers due to the 
limited life time of votes. 


VI. CONCLUSION 


Through this paper we have analyzed two different ap- 
proaches of spam detection: Machine Learning approach and 
MailRank approach. 

In Machine learning, spam filters are either developed on 
SVM or on NB, but it has some drawbacks as SVM has great 
accuracy but slow classification speed and require more dataset 
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and NB has fast classification speed but having low accuracy 
and requires small dataset, thus we implement a combination 
of both SVM and NB, NB-SVM which gives a more accurate 
result than both separately implemented NB and SVM. 

MailRank is a new email ranking and classification scheme, 
which intelligently exploits the social communication network 
created via email interactions. On the resulting email network 
graph, a power-iteration algorithm is used to rank trustworthy 
senders and to detect spammers. MailRank performs well both 
in the presence of very sparse networks: Even in case of a 
low participation rate, it can effectively distinguish between 
spammer email addresses and non-spammer ones, even for 
those users not participating actively. MailRank is also very 
resistant against spammer attacks and, in fact, has the property 
that when more spammer email address are introduced into the 
system, the performance of MailRank increases. 
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A Survey on Network Visualization 
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Abstract—Network visualization is the process of visually 
presenting networks of connected entities as links and nodes. 
MANET-Viewer II (Mobile Ad-hoc Network Viewer II) is a 
visualization system for the visualization of packet flow in mobile 
ad-hoc networks. Software defined networking and network 
visualization provide a solution for the deficiency of traditional 
network such as lack of scalability and difficulty of network 
management. A SDN controller platform based on Docker engine 
is presented for network visualization. N Vision IP is an interactive 
network flow visualization tool for security. It allows security 
engineers to detect and stop attack on network. 

Index Terms—MANET Viewer, packet flow, DualNet, SDN 
controller, NVisionIP, SDN architecture. 


I. INTRODUCTION 


ETWORK visualization, graph visualization or link 
News is the process of visually presenting networks 

of connected entities as links and nodes. Nodes rep- 
resent data points and link represents the connection between 
them. Visualizing network data from tree structure to fully 
connected graphs, is a difficult problem in information visu- 
alization. In this visualization we not only have to visualize 
the attribute specific to each data item, but also the attributes 
of links specifying how those items related to each other. 
The approaches resolving these difficulties focus on clustering, 
filtering and using various layout methods. DuelNet is a tool 
which address this problem by allowing users to navigate 
multiple coordinated views of the same network. 

MANET- Viewer II (Mobile Ad-hoc Network Viewer II) is a 
visualization system for the visualization of packet flow in mo- 
bile ad-hoc networks. Since the communication in MANETs 
is done by wireless links it is difficult to grasp how the 
packet flow between communication nodes. There are many 
visualization system for MANETs such as Mesh Vista and 
NS-2. 

Software defined networking and network visualization pro- 
vide a solution for the deficiency of traditional network such 
as lack of scalability and difficulty of network management. A 
SDN controller platform based on Docker engine is presented 
for network visualization. It is carried out for the detailed 
design of virtualization solution. Elastic Optical Network 
(EON) which will play an important role in achieving both 
flexibility and robustness. EON is considered to be a promising 
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architecture for realizing network virtualization since it can be 
maximize spectral efficiency and provide network flexibility. 

Software defined networking based network visualization 
is applied into Evolved Packet System (EPS) architecture of 
Long Term Evolution (LTE). SDN provides powerful and sim- 
ple approaches to manage the complex networks by creating 
programmable, dynamic and flexible architecture, abstraction 
from hardware and centralized controller structure. 

NVision IP is an interactive network flow visualization tool 
for security. NVision IP provides a visualization of an entire 
class B network, then allows users to drill down and gather 
more details about the hosts on network. It allows security 
engineers to detect and stop attack on network. 


II. DUALNET: A COORDINATED VIEW APPROACH TO 
NETWORK VISUALIZATION 


Network visualization is a challenging endeavor that be- 
comes increasingly difficult as networks increase in size. This 
is particularly true of the standard node-like representation of 
network data. One example of this is Vizster, a visualization 
tool written using the Prefuse toolkit, for visualizing the 
specific domain of online social networks. The tool approaches 
the problem of clutter by showing only a small number of 
nodes and edges initially and allowing the user to expand 
from that. Although this does help, it does not allow the user 
to get an overview of the whole collection as advocated by 
the widely used in the Visual Information Seeking Mantra, 
Overview first, zoom and filter, then details-on-demand. Other 
representations, such as the Matrix-based and TreeMap have 
been explored to complete specific tasks and display specific 
types of networks. Such representations, however, are still 
limited by in the number of dimensions and relationship types 
they can coherently display in a single visualization. 

To address shortcomings in previous approaches, we look 
to coordinated views. Coordinated Views are a powerful 
technique for providing the user with feedback about the 
relationships between two or more visualizations and has been 
used extensively in navigating multidimensional data. One 
example of this is PairTrees, a tool for visualizing hierarchical 
graphs (trees), expand it to general network graphs, as well 
as only on different views of the same graph, rather than 
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links between different data sets. Next, a similar concept to 
viewing two structures in a network was explored by Burch 
and Diehl where they were concerned with visualizing object 
trees with an underlying taxonomy structure. Although this 
approach has its advantages, it can be argued that it also 
introduces visual clutter and cognitive load by representing 
the different structures on top of one another in the same 
view rather than side-by-side in two separate views. Snap- 
Together is a visualization architecture that allows users to 
coordinate views of multiple visualization tools, but requires 
the visualization tools to preexist and the interactions between 
the views are limited. Finally, a tool called SocialAction 
introduces a systematic approach to analyzing social networks 
with attribute ranking and coordinated views using many 
standard social network analysis measures like centrality and 
degree. The coordinated views in this tool, however, is not 
used between multiple representations of the same network, 
but only to links from different components such as the search 
and ranking results. 


HI. MANET-VIEWER II: A VISUALIZATION SYSTEM FOR 
VISUALIZING PACKET FLOW IN MOBILE AD-HOC 
NETWORKS 


A mobile ad-hoc network (MANET) is a collection of 
randomly moving wireless devices within a particular area. 
Unlike in cellular networks, there are no fixed base-stations 
to support routing and mobility management. In MANETs, 
the network scale is changed by increasing the number of 
nodes connected to the network and the topology is changed 
by moving the nodes. MANETs are autonomous distributed 
systems that comprise a number of mobile nodes connected by 
wireless links forming arbitrary time-varying wireless network 
topology. Mobile nodes function as hosts and routers. As hosts, 
they represent source and destination nodes in the network, 
while as routers, they represent intermediate nodes between a 
source and destination, providing store-and forward services to 
neighboring nodes. Nodes that constitute the wireless network 
infrastructure are free to move randomly and organize them- 
selves in arbitrary fashions. Therefore the wireless network 
topology that interconnects mobile hosts can change rapidly 
in unpredictable ways or remain relatively static over long 
periods of time. 

In MANETs, a route is constructed by a routing protocol 
and the packets are sent from the source node to the destination 
node using the constructed route. However, for humans, it is 
difficult to know which route is used for packet flow. This 
is because the route is automatically determined by routing 
program and all packets dont flow the same route since the 
network topology is changed over the time. However, in order 
to analyze the performance of MANETs, it is very important 
to grasp the network topology and the packet flow. However, 
MANETs have problem of wireless network link instability 
and poor efficiency. Since the network is composed of mobile 
nodes, the battery has a limited functioning time. Moreover, 
the range of the wireless radio is also limited, thus the network 
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Fig. 1. Network virtualization by using SDN controller 


may be disconnected because of unexpected node moving or 
the radio wave cant reach neighbor nodes. 
There are many visualization system for MANETs such as 
Mesh Vista and NS-2. 
1) Mesh Vista 
Mesh Vista is a monitoring system for ad-hoc networks 
developed by the ThinkTube Company. Mesh Vista has 
a middleware called Mesh Cruzer, which constructs the 
ad-hoc network and makes its visualization. So, Mesh 
Vista needs a special node for the Mesh Cruzer. By 
using Mesh Vista is possible to get the connection status 
between nodes, MAC address, IP address and the type 
of communication equipments. However, in Mesh Vista, 
the node position is not taken into consideration, only 
the connection information between nodes is used for 
visualization. Furthermore, Mesh Vista cannot make the 
visualization of the packet flow. 
2) Network Animator 
NAM can make the visualization by using the output data 
of NS-2. 
In MANET we implemented the following functions: 
e Packet Log Acquiring Function, 
e Packet Log Collection Function, 
e Animation Table Creation Function, 
ə Animation Displaying Function, 
e Viewer Function. 


IV. NETWORK VIRTUALISATION BY USING SDN 
CONTROLLERS 


Network virtualization is carried out by using SDN con- 
troller based on docker. First,we build the virtualization plat- 
form for the management of the whole network with SDN 
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controllers.An image of the SDN controller is bult according to 
the specific demands to the network.Then the controller image 
is accessed to create the docker container on the hardware 
platform.after SDN controller application start to run on the 
Docker container. 

Second,abstraction and virtualization are operated on the 
physical network resources.As shown in figure based on the 
different needs of users and services to the network,the SDN 
controller platform abstract the control function of each virtual 
network,and then divides theunderlying network into two 
virtual network,each with one SDN controller. Each SDN 
controller runs one curresponding flowtable for each virtual 
network. 

Third,the isolation of the control plane from the data 
plane is carried out to ensure noninterference among dif- 
ferent SDN controllers and isolation among different virtual 
networks.The isolation of the resources on the data plane 
suchas CPU,flowtables and port queue is got by the data plane 
isolation. 

In the application shows that,the SDN controllers,eachof of 
which is corresponding with a virtual network,implementing 
the control over underlying virtual network,The corresponding 
SDN controller will handle the register events received from 
the low level SDN switches.The SDN controller platform also 
processes the routing protocol data packets received from the 
eastbound and westbound interfaces,after that,the lowerlevel 


SDN switches will add,delete or update the flow tables,thus 
the network routing tables are worked out to realize the 
communication between SDN network and IP network. 


V. FLEXIBLE AND ROBUST OPTICAL NETWORK 
TECHNOLOGIES FOR SDN AND NETWORK 
VIRTUALIZATION 


It reviewed current optical networking research for high 
flexibility, efficiency, and robustness, which are indispensable 
for network virtualization in the limited physical network 
resource environment. The elastic optical network, whose fea- 
sibility has been verified over the last few years, is a promising 
architecture for realizing network virtualization and SDN. In 
addition, operational considerations such as robustness and 
future-proof management model are of increased importance. 


A. Evolution of Elastic Optical Networking 


1) Synegetic Evolution of Networking and Device Tech- 
nologies 
Networking and device technologies for EON have been 
advancing in lockstep with each other. Recent progress 
on device and transmission technologies such as grid- 
less wavelength selective switches (WSSs) and subcar- 
rier transmission using digital coherent technology have 
paved the way for EON which offers multi-rate and 
adaptive modulation formats. These advances yielded 
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a novel hardware architecture in EON; the multi-flow 
transponder (MF-TP) , the elastic regenerator, and so on. 

2) Control and Management plane of SDN-based EON 
EON has the considerable advantage of high spectral 
efficiency due to its excellent optical path flexibility, but 
its management complexity remains a concern. Therefore, 
if SDN can eliminate the concern by better automating 
the provisioning of optical networks, SDN would well 
support EON Computing. 


There have been many experiments on transport SDN in 
the flexible grid environment despite even though the SDN 
concept is still quite new. Fig. 2 shows an example of con- 


nection and equipment data management models of MF-TP, in 
which connection data is separated from hardware-dependent 
data. The virtual transponder, an abstraction from a group of 
sub-transponders, is dedicated to a certain optical path and 
represents a transmission entity. 


B. Robust Transport Technology 


1) Adaptive Restoration 
Survivability is essential for robust networks. EON can 
also contribute to fault tolerance with the adaptive mod- 
ulation technology provided by elastic optical transpon- 
ders. Even if both working and protection routes are cut 
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because of a disaster, connections can be restored by 
selecting surviving detour routes. 
2) Future Technology for Fault Tolerance 

Protection switching time in transport networks must 
generally be less than 50 msec, however, centralized 
control schemes alone cannot satisfy this requirement. 
Other problem lies in equipment failure. Transponders are 
fragile, but the aforementioned adaptive restoration does 
not offset transponder failure. We are now addressing 
these problems with a novel scheme that adds redundant 
data to the original data by erasure-coding and parallel 
transmission. 


VI. NETWORK VIRTUALIZATION FOR MOBILE OPERATORS 
IN SOFTWARE-DEFINED BASED LTE NETWORKS 


It propose a novel cellular network architecture eluding 
network virtualization controller for mobile core and backhaul 
sharing. Software-Defined Networking (SDN) based network 
virtualization is applied into Evolved Packet System (EPS) 
architecture of Long Term Evolution (LTE) networks . 


A. Proposed System Architecture 


SDN allows the capability of adaptive virtualization based 
on different scenarios including topology, hardware, device, 
central processing unit and band width of the individual links 
with priority settings within the network amongst MOs. In 
currently deployed Radio Access Network (RAN) architecture, 
the location of eNodeBs associated with each MO architecture 
under the consideration of several The SDN framework allows 


Other reference points 


—— Main NFV reference points 


Functional model for NFV An Examplel 


for the BTP to act as a broker part such as average UE 
distributions and traffic loads, in this setting to modify and 
adapt the slices in real time and they cannot be instantaneously 
changed with a remote based on the agreements between the 
BTP and the MOs. SON allows the capability of adaptive 
virtualization based network virtualization controller. Second, 
sub-virtualization on different scenarios including topology, 
hardware, device for all MO’s applications are performed 
within a mobile central processing unit. 


VII. INVESTIGATING SOFTWARE-DEFINED NETWORK AND 
NETWORKS-FUNCTION VIRTUALIZATION FOR EMERGENT 
NETWORK-ORIENTED SERVICES 


A workgroup was created in the year 2013 to particu- 
larly explore on how SDN, or Software-Defined Network, 
could be practically implemented, taking into consideration 
not just technical, but also the social and economic impacts. 
The founding technologies required to support the possible 
implementation of SDN are yet evolving, which provides a 
huge scope to study the performance of these systems, to be 
deemed viable, practically. 


A. SDN Architecture 


According to the Open Networking Foundation (ONF), 
SDN can be defined as a network in which where the software- 
oriented (control) and the hardware-oriented (data-forwarding) 
planes would be dissociated. This is so that the physical 
infrastructure of the Network could be separated from the 
business applications and functions. 
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Fig. 6. The shared SDN based EPS architecture for LTE networks with multiple MOs 


This evolution aims to counter the usual issues of per- 
formance, scalability, strength, as well as compatibility, by 
supporting multiple vendors, since it is an essential pre- 
requisite that the different domain controllers of SDN must 
be able to co-exist for it to be successfully implemented. 
This would, however, be largely impacted by the level of 
functionality provided. 


B. SDN and NFV : Technical Evaluation 


An important aspect to consider is the guarantee of Qual- 
ity of Service (QoS) for whatever services are being pro- 
vided by the SDN. Taking maximum advantage of network- 
programming capabilities provided by SDN, specific advances 
have been made in addressing the issues related to enforcement 
and scrutiny of QoS factors. 


VIII. CONCLUSION 


Technology, as well as socio-economic factors are expected 
to get improved, correspondingly with a reduction in the 
cost, with the proposed evolution of networks aiming at the 
provision of a highly dynamic and flexible collaboration of 
resources that have been virtualized, also connected through 
virtual links that are possibly setup and worn down, dynam- 
ically, on-demand, to service the various client applications. 
SDN, in combination with NFV, is expected to show the initial 
path for this revolution. 

The investigation been carried out here is quite complex as 
it considers not just the extent to which performance needs to 
be managed, but also the effective coordination of the activities 
associated with the virtualization of network functions. More- 
over, many have argued that this proposed implementation 
should first take place at the network edges,to contain the 


level of investment necessary. This is also considered to be 
a cost-efficient solution, as it would be possible to scale 
up the architecture quite naturally, with the use of virtual 
nodes, which would surely generate corresponding increase in 
revenue. The combination of SDN, and NFV, would therefore 
augment evolution of not just the End-User devices, CPEs, 
or Customer Premise Equipments and Terminals, but even 
provide the consideration for aggregation of network edge 
nodes. Similar trends can be observed in other industries 
too. Thus, this SDN-NFV collaboration can be considered 
to facilitate even other novel environments that are capable 
of enhancing performance, efficiently, by stretching beyond 
dogmatic Telecommunication and IT frameworks. Such a rev- 
olution is truly inevitable, largely due to continuous evolution 
and optimization of hardware technology, which provides the 
much needed boost to encourage unconventional economic 
paradigms. 
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Abstract—Spontaneous networks are sometimes called as ac- 
cidental networks formed by nodes which are allocated in close 
proximity and which connect to each other and share resources 
and services. The creation of networks with security concern is 
a point of issue in wireless network. This paper aims to explain 
the creation of networks in secure manner. The updations of the 
nodes and further communication in the networks are to be done 
in hierarchical means. The root and parent node selections are to 
be done as the most efficient nodes in terms of mobility, energy 
and by counting the number of neighboring nodes. The nodes in 
the network maintains parent and child ID’s. The work focuses on 
decreasing the overhead during data communication. By using 
the efficient head node selection the energy management can 
done properly. The structured communication protocol enables 
to achieve data communication more perfectly than the existing 
works. 

Index Terms—Secure hierarchical protocol, spontaneous net- 
work, wireless ad hoc networks, energy efficiency. 


I. INTRODUCTION 


OBILE Ad Hoc Network (MANET) also called as 
M ees ad hoc network that has a routable net- 

working environment on top of a link layer adhoc 
network. It consist of mobile nodes connected wirelessly in a 
self configured without having a fixed infrastructure MANET 
nodes are free to move randomly as a network topology change 
frequently .each node behave as a router as they forward traffic 
to other specified node in the network. The creation of network 
with security concern is a point of issue in wirless network. 
The updations of the node and further communication in the 
network to be done in hierarchical means. The root and parent 
node selection to be done as the most efficient node in the term 
of mobility. Energy and by counting the number of neighbor 
nodes. 

Quality of services defined as a set of services requirements 
that need to be met that by the network while transporting a 
packet stream from source to destination. Ant colony algorithm 
can be used for ad hoc network. The basic idea of QoS routing 
algorithm is taken from the food searching behaviour of real 
ants. It deposits pheromone on the path taken to determine the 
availability of foot by marking their path through the decisions 
space on the edges. Each ant find its next hop according to the 
state transition route and each ant find the shortest path rapidly 
by applying the local updating route and global updating route. 
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The main task of a wireless sensor node is to service 
and collect data from a certain domain and process them 
and transmit to the link where the application lies. There 
are two types of routing algorithms, reactive and proactive 
protocols. An ant colony optimization, there are two types of 
ants Forward Ant (FANT) and Backward Ant (BANT). BANT 
utilize the useful information gathered by FANT. FANT report 
network delay conditions to BANT. 

In order to facilitate communication within a mobile ad hoc 
network, an efficient routing protocol is required to discover 
routes between mobile ad hoc nodes. Power is one of the most 
important design criteria. Power failure of a node not only af- 
fects the node itself. But also its ability to forward packets also. 
There are 5 different power-aware metrics based on battery 
power consumption at nodes for determining broadcast rout 
in wireless ad hoc networks using these matrices in a power- 
aware broadcasting algorithm reduces the cost /broadcast of 
routing packets to all destination. 


II. HIERARCHICAL PROTOCOL 


Here describes a hierarchical structured way of spontaneous 
mobile ad hoc network creation and maintenance. Peer to 
peer unstructured means of communication results in flooding. 
This results in misuse of bandwidth. So the design focus on 
Secure creation of network with bandwidth and energy as main 
constrain .For secure creation each of the node in network 
needed to be properly authenticated. The nodes that wishes 
to join the network should passes through an authentication 
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phase, where each node proves its unique identity. These 
unique nodes are assigned with IP address. These secure node 
is been ready for the structured hierarchy process. In the 
process the decision parameters such as mobility of node, 
energy and node connectivity are taken into consideration. The 
Head node selection is based on the above decision parameters. 
The parent node in one of cluster become member of higher 
level and clustering at higher layer, thereby a layering process 
taken place. 


A. Node Joining Procedure 


The system is based on the use of an Unique Identity Factor 
(IDF). The IDF will be unique value for each node. It may 
include information such as name, photograph, email or other 
type of identification of user. Here we are taking the position 
value of the node as unique identifiers. The node joining 
network has to do following to create the IDF : 


e Create unique data of User in a file. 


e Entry level node has to enter the unique value and send 
to a node in network. 


e Decrypt the value obtained. 
e ompare with original value. 


B. Authentication Procedure 


When a new node wants to join in a network which is 
already existing, it just need to choose a node which is in the 
communication range to authenticate the corresponding node, 
say node A. The Authenticated node in range will send its 
public key. As a reply, the new node will send its IDC signed 
by authenticated nodes (As)public key. Next, Authenticated 
node(A) will validate the data which is received and the hash 
of the message is verified in order to check whether the data 
has been modified or not. In current step, A will establish 
the trust level of new node by physically looking ,which will 
be depending on whether A knows new node or not. Finally, 
IDC data is send from A to B (even if it decides not to trust 
B, it will do so). Bs public key (which has been received 
on Bs IDC) will be signed by the data. New node validates 
As IDC an establishment between the trust and validity in A 
only by integrity verification and authentication. If the joining 
request is unanswered by A, the new node need to opt another 
networking node. 


C. Hierarchical Processing of Criteria 


An Analytical Hierarchical Process is used to select the 
best node as cluster head .It is a multi-criteria technique. The 
process combines qualitative and quantitative factors. Here 
Cluster Head Election is the focus of problem. The best node 
can be elected based on the 3 criteria. In order to avoid the 
flooding of data with in network, Parent Head selection to be 
done, and thereby hierarchy of network to be created. The 
Parent Head selection step involves: 

e A structured hierarchy process, a well structured way to 

get priority it is needed to decompose the criteria into the 
following steps: Focus on problem 


e Problem definition and determine the criteria which af- 
fects the behavior. 

e Structure the criteria hierarchy from the top with the 
result of the criteria, then criteria on which elements 
depend to the lowest level. 


e Compare each criteria in the corresponding level and 
assign them on the numerical scale. Diagonal elements 
are equal or | and the other elements will simply be the 
reciprocals of the earlier comparisons. 


e Use the priorities obtained from the comparisons to weigh 
the priorities in the level immediately below. Continue 
this for each element. 

Calculating the remaining energy(battery energy): If a node 
which act as cluster head node having low energy or battery 
power then during communication it may be fail to serve if 
battery is drained. So calculate energy of node is important. 
Each node in network will consume energy during the packet 
send by it, received by it and by overhearing. So energy used 
by node is: 

Where Energy consumed by node is sum of energy used 
during transmission, reception and overhearing by node. Cal- 
culating the Connectivity of node: Maximum numbers of 
nodes when connected to a particular node increase its serving 
capability .Each nodes buffer will store the request that it gets 
for joining the network. The node which processes maximum 
requests will have better communication with neighbouring 
nodes. Calculating the Mobility of node: Nodes that have low 
mobility form more stable clusters. By finding rrelative postion 
about x and y axis the node position can be find out. Thus the 
Cluster Head will posses : 

e Sufficient energy. 

e Can communicate with maximum possible nodes. 

e Low mobile nodes are better. 

e Having fewer load. 

To make matrix comparison, it needs a limit of numbers that 
shows how many times more important one element is with 
another element with respect to the criterion described above. 
The limit of number from 1 to 9,and put whole number in 
relavent position and its reciprocal in the transpose position. 
The priority calculation by adding each row of the matrix and 
dividing by their total sum. 


D. Cluster Head Election and Hierarchical Topology Forma- 
tion 

Cluster Head election in proposed work is based on three 
best criteria namely energy, connectivity and mobility. At the 
initial point time, the node with lower Id become cluster 
head, later when other nodes joins for a time period T. In 
hierarchical topology, elected cluster heads at the lowest level 
become members of the next higher level. These new members 
in turn organize themselves into clusters, and so forth. The 
goals of clustering are the efficient utilization of radio channel 
resources and the reduction of network layer routing overhead. 
The head selection defines the layering id of a node as the 
sequence of MAC addresses of the nodes on the path from 


Anju N et al, “Mobile Ad Hoc Network” 


54 


proceedings of Vidya MCA Departmental Seminar (VMCADS - 2019) , 22 - 23 November 2019 
Department of Computer Applications, Vidya Academy of SCience & Technology, Thrissur — 680501 


MANET Routing 
Protocols 


| 


Table driven/ 
Proactive 


On-Demand Driven/ 
Reactive 


DSR 
AODV 
TORA 


CGSR ¥ 
i Hybrid 


ZRP 


Fig. 2. Routing protocols in MANET 


the top hierarchy and back to the node itself. This address is 
sufficient to deliver a packet to its destination from anywhere 
in the network. 


II. ROUTING PROTOCOLS IN MANET 


They are classified as table driven, hybrid and on-demand 
basis routing protocols. Where AODV is on demand based 
protocol and AOMDV, PAAODV protocols are extended part 
of AODV and they belong to On-demand basis routing proto- 
cols. 


A. On-demand Routing Protocols 


Routing information is collected as required, and creation of 
route depends on sending route request and route reply query. 

1) Ad-hoc On-demand Distance Vector(AODV): This proto- 
col is based on classic bellman fordrouting algorithm. AODV 
is a combination of DSR and DSDV protocol. Here during 
a communication, it generates ROUTE REQUEST Message 
(RREQ) and forward to its neighbors to which communicating 
nodesgive a reply to the source node with a probable path 
using ROUTE REPLY Messages(RREP). If the paths has not 
used for some time, that paths not require and are rejected 
from its table. After detecting an invalid route to its neigh- 
bors a node, removes that route entry and sends a ROUTE 
ERROR(RERR) message to neighbors. 

Advantage: 

e Paths are created when needed due to which there is a 

reduction on routing load. 


e Lower delay for connection setup. 
Disadvantage: 


e Causes heavy control overhead because of large number 

of reply packets when giving an answer. 

2) Dynamic Source Routing (DSR): Dynamic Source Rout- 
ing (DSR) comes under the reactive routing protocol category, 
as it is capable of discovering the route from source to destina- 
tion only when required and needed. Dynamic Source Routing 
protocol uses a process called Route Discovery Mechanism. 
DSR protocol has of two techniques: Path Discovery and 
maintaining that path. 

Advantage: 


e Suitable for low mobility network. 


e Lowest Control overhead in terms of number of control 
packets. 


Disadvantage: 
e Large packet size causes significant overhead. 
e Delay time for connection set up is more than table driven 


ones. 
3) Ad-hoc On-demand Multipath Distance Vector 
(AOMDV): AOMDV is more improved algorithm to 


AODV protocol with extra features for calculating more than 
one paths in a single path discovery procedure. This protocol 
works in two fold, first path creation after that maintaining 
that path. In a single route search procedure more number of 
paths are discovered. This algorithm use three kind control 
messages for its operation and they are RREQ, RREP and 
RERR. 

Advantage: 

e Reduce discovery time to search for a route. 

e Provide more frequency than single path protocol in a 

single route discovery. 

e Less number of interruption to application data traffic. 

Disadvantage: 

e Increased message overheads during route finding due to 

increased flooding. 

4) Power Aware Ad Hoc On Demand Distance Vector 
(PAAODV): This is improvised version of AODV, which 
implements more number of power level information during 
route discovery. Here each node attempts to find a path to the 
destination at start with low power levels. If they can find a 
route, then the power level is improved. It remains until find 
exact route. During execution, two types of power levels are 
used namely low and high. 

Advantage: 

e Reduction of power consumption for each data packet. 

e Creation of low overhead for route searching procedure. 

e Reduce route discovery time. 


B. Table-driven routing protocols 


Here every node keeps either one or more tables to store 
all connections between all other nodes in the network. These 
tables are regularly updated. 

1) Destination Sequenced Distance Vector (DSDV): It is 
based on Bellman-Ford algorithm with major changes as 
application require. Every node which is moving has a table 
where they store all destinations and information like next 
hop node, total number of hops towards destination, sequence 
number of the destination node etc. 

Advantage: 

e Most suitable for small networks where topology changes 

are limited. 


Disadvantage: 


e New sequence number is necessary for each network 
changes. 


e Regular update of its routing table causes bandwidth 
problem. 


e Huge volume of control messages. 
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C. Hybrid Routing Protocols 


This type of protocol combines the advantages of proac- 
tive and reactive routing. The routing is initially established 
with some proactively prospected routes and then serves the 
demand from additionally activated nodes through reactive 
flooding. 


D. Definitions of performance metrics 


1) Throughput 
Throughput is defined by the amount of received data by 
the destination nodes in a period of time.AODV has better 
throughput value compared to DSR, PAAODV, AOMDV 
and DSDV. With increasing number of nodes the through- 
put value of AOMDV is same as the throughput value of 
DSR. 

2) Average End-to-End Delay (E to E Delay) 
E2E Delay = Receiving Time Sending Time 
DSR has shortest end to end delay value and DSDV 
has more end to end delay value than the rest protocols. 
Hence DSR gives best performance. 

3) Packet Delivery Ratio (PDR) 
This is the ratio of the number of data packets success- 
fully delivered to the destinations to those generated by 
sources. PDR =((received packets/sent packets) * 100) 

4) PAAODV 
PAAODV gives less packet delivery ratio value compared 
to other protocols. With the increasing number of nodes 
PAAODV has better PDR value as compared to AODV, 
DSDV and AOMDV. But PAAODV gives same PDR 
value as DSR with increasing number of nodes. 

5) Residual Energy (RE) 
The residual energy is the remaining energy at every node 
which is the energy left after the packet transmission. 
Residual Energy = Total Energy Consume Energy 
PAAODV gives a better performance based on residual 
energy and has more remaining energy value as compared 
to other protocols. 


IV. ANT COLONY OPTIMIZATION BASED ROUTING IN 
AD-HOC NETWORK 


Quality of Service is usually defined as a set of service 
requirements that need to be met by the network while 
transporting a packet stream from source to destination. The 
network is expected to guarantee a set of measurable specified 
service attributes to the user in terms of end-to-end delay, 
bandwidth, probability of packet loss, energy and jitter. The 
essential task for QoS routing is to find a feasible path through 
mobile ad-hoc networks between the source and destination 
which will have the necessary resources available to meet the 
QoS constraints. Recently a new family of algorithms emerged 
inspired by swarm-intelligence, which provides a novel ap- 
proach to distributed optimization problem. The expression 
Swarm Intelligence defines any attempts to design algorithms 
inspired by the collective behavior of social insect colonies 
and other animal societies. 


The main quality of 
the colonies of insects, 
ants or bees lies in the 
fact that they are part 
of a self-organized 
group in which the 
keyword is simplicity. 


Every day, ants solve 
complex problems 

due to a sum of simple 
interactions, which are 
carried out by individuals. 


The ant is, for example, 
able to use the quickest 
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Fig. 3. Ant Colony Optimisation Algorithms 


A QoS routing algorithm for ad-hoc networks based on 
an improved ant colony algorithm. New algorithm can find 
paths that satisfy more QoS requirements of the incoming 
traffic and at the same time by energy consumption control 
increase lifetime of network as much as possible. The basic 
idea of the ant colony optimization meta heuristic is taken 
from the food searching behavior of real ants. When ants 
are on they way to search for food, they start from their 
nest and walk toward the food. When an ant reaches an 
intersection, it has to decide which branch to take next. 
While walking, ants deposit pheromone, which marks the route 
taken. The concentration of pheromone on a certain path is 
an indication of its usage. With time the concentration of 
pheromone decreases due to diffusion effects. This property 
is important because it is integrating dynamic into the path 
searching process. Subsequently, more ants are attracted by 
these pheromone trails and in turn reinforce them even more. 
As a result of this autocatalytic effect, the optimal solution 
emerges rapidly. This behaviour of the ant can be used to 
find out a path that satisfies multiple constraints in ad-hoc 
networks. Especially, the dynamic component of this method 
allow a high adaptation to changes in mobile ad-hoc network 
topology, since in these networks the existence of links are 
not guaranteed and link changes occur very often. 


Applying ant colony algorithm into ad-hoc networks, the 
ants are seemed as packets which are forwarded randomly 
from one node to another while retaining a history of nodes 
that it has visited. The source node is seemed as the nest 
and the destination node is seemed as the food. Similar to 
real ants, the artificial ants that have found a good solution 
mark their paths through the decision space by putting some 
amount of pheromone on the edges of the path. The following 
ants of the next generation are attracted by the pheromone 
so that they will search in the solution space near good 
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solutions. Each node maintains a probabilistic routing table. 
The routing tables are therefore also called pheromone tables. 
The data packets are routed more or less in the same way as 
ants: packets are routed stochastically, choosing with a higher 
pheromone values. Suppose the ad-hoc network is considered 
as a connected, undirected. Let G=(V,E) represents a network, 
where V denotes the set of network nodes and E denotes the set 
of bidirectional links. Give a source node Vs and a destination 
d, let dsp denote the routing from s to d. 

The aim of our algorithm is to find out paths that satisfy 
certain requirements such as delay, delay jitter and cost, and 
the same time increase lifetime of network, which meets the 
following conditions: 

e delay(p(s,d))<=D 

e delay jitter(p(s,d))j=DJ 

e cos t(p(s,d)) is the minimum 
We suppose that cos t(p(s,d)) is the number of hops between 
source and destination, D and DJ are delay and delay-jitter 
constraints of traffic respectively. According our algorithm, the 
ants work as follow: Each ant finds its next hop according to 
the state transition rule, and each ant find the shortest path 
rapidly by applying the local updating rule and the global 
updating rule. Each ant finds its next hop according to the 
state transition rule. When the ants move between the nodes, 
the pheromone level on the selected edge is updated. 


V. ANT COLONY OPTIMIZATION BASED ROUTING IN 
MOBILE AD-HOC NETWORK 


The Wireless Sensor Networks (WSN) is intended for moni- 
toring an environment. The main task of a wireless sensor node 
is to sense and collect data from a certain domain, process 
them and transmit it to the sink where the application lies. The 
main characteristics of a WSN include power consumption 
constrains for nodes using batteries or energy harvesting, 
ability to cope with node failures, mobility of nodes, dynamic 
network topology, communication failures, heterogeneity of 
nodes, scalability to large scale of deployment, ability to 
withstand harsh environmental conditions, ease of use, unat- 
tended operation. However, ensuring the direct communication 
between a sensor and the sink may force nodes to emit their 
messages with such a high power that their resources could 
be quickly depleted. Therefore, the collaboration of nodes 
to ensure that distant nodes communicate with the sink is a 
requirement. Routing in wireless sensor networks differs from 
conventional routing in fixed networks in various ways: There 
is no infrastructure, wireless links are unreliable, sensor nodes 
may fail, and routing protocols have to meet strict energy 
saving requirements. Routing is a challenging task in WSNs 
because of their unique characteristics which makes it different 
from other wired and wireless sensor networks like cellular or 
mobile adhoc networks. Technically, sensor network nodes are 
limited in respect to energy supply, computational capability 
and communication bandwidth. In order to prolong the lifetime 
of the sensor nodes, designing efficient routing protocol is very 
critical. There are two important issues should be taken into 
account while designing a routing protocol for WSN. 


e The level of power consumption at each stage of func- 
tionalities should be maintained. 

e Tolerance of different types of failures should be 
achieved. 


Generally speaking, routing algorithms can be described in 
two broad classes, reactive (on demand) routing and proactive 
(table driven) routing. Reactive protocols establish a path be- 
tween the source and destination only when there are packets 
to be transmitted. Proactive protocols always have a route 
available, so they are more suited for dynamic networks, such 
as when the nodes are mobile. They are efficient if routes are 
used often. Reactive protocols create their routes just before 
data is about to be sent. This ensures the nodes have the most 
up to date routing information but there is a start up cost as 
the route is being acquired. 

Swarm Intelligence (SI) is the local interaction of many 
simple agents to achieve a global goal. SI is based on social 
insect metaphor for solving different types of problems. Insects 
like ants, bees and termites live in colonies. Every single 
insect in a social insect colony seems to have its own agenda. 
The integration of all individual activities does not have any 
supervisor. In a social insect colony, a worker usually does 
not perform all tasks, but rather specializes in a set of tasks. 
This division of labour based on specialization is believed to 
be more efficient than if tasks were performed sequentially by 
unspecialized individuals. SI is emerged with collective intel- 
ligence of groups of simple agents. This approach emphasizes 
on distributedness, flexibility, robustness and direct or indirect 
communication among relatively simple agents. The basic idea 
of the ant colony optimization (ACO) meta-heuristic is taken 
from the food searching behaviour of real ants. Ant agents can 
be divided into two sections: 


e FANT (Forward Ants) and BANT (Backward Ants). 


The main purpose of this subdivision of these agents is to 
allow the BANTs to utilize the useful information gathered by 
FANTs on their trip time from source to destination. Based 
on this principle, no node routing information updates are 
performed by FANT, whose only purpose in life is to report 
n/w delay conditions to BANT. The various steps how these 
agents are passing routing information to each other are as 
follows: 


e Each network node launches FANT to all destinations at 
regular time intervals. 

e Ants find a path to destination randomly based on current 
routing tables. 

e The FANT creates a stack, pushing in trip times for every 
node as that node has reached. 

e When destination is reached, the BANT inherit the stack. 

e The BANT pop the stack entries and follows the path in 
reverse. 

e The routing table of each visited node are updated based 
on trip times. 


When ants are on the way to search for food, they start from 
their nest and walk toward the food. When an ant reaches 
an intersection, it has to decide which branch to take next. 
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While walking, ants deposit pheromone, which marks the route 
taken. The concentration of pheromone on a certain path is 
an indication of its usage. With time the concentration of 
pheromone decreases due to diffusion effects. This property 
is important because it is integrating dynamic into the path 
Searching process. 

AntNet uses ant agents for routing in the network. Using 
AntNet, nodes in the network frequently send ant agents to 
randomly selected destinations in the network. After reaching 
the destination, the ant agent traverses the same path going 
back to the original source node. On the way back to the 
Source node, the ant agents update the routing table of 
the nodes. Launching ant-agents continuously increases the 
control overhead even more. In a dynamic network such as 
WSNs, by the time, the ant agent reaches the source node; the 
routing information may have changed. The Three Phases of 
Ant Based Algorithm are the following: 

e Route discovery phase 

e Route maintenance phase 

e Route failure handling 

Route discovery phase uses control packet to discover route 
from source to destination. The control packets are mobile 
agents which walk through the network to establish routes 
between nodes. Route discovery uses two ant agents called 
Forward Ant (FA) and Backward Ant (BA). These two ants 
are similar in structure but differ in the type of work they 
perform. 

A FA is an agent, which establishes the pheromone track 
to the source node, and BA establishes pheromone track to 
the destination. A forward ant is broadcast by the sender and 
relayed by the intermediate nodes till it reaches the destination. 
A node receiving a FA for the first time creates a record 
in its routing table. The record includes destination address, 
next hop and pheromone value. The node interprets the source 
address of the FA as the destination address, the address of the 
previous node as the next hop and computes the pheromone 
value depending on the number of hops the FA needed to reach 
the node. Then the node forwards the FA to its neighbours. 
FA packets have unique sequence number. Duplicate FA is 
detected through sequence number. Once the duplicate ants 
are detected, the nodes drop them. When the FA reaches the 
destination, its information is extracted and it is destroyed. 

BA is created with same sequence number and sent towards 
the source. BA reserves the resources at along the nodes 
towards source. BA establishes path to destination node. 

Route Maintenance plays a very important role in WSNs 
as the network keeps dynamically changing and routes found 
good during discovery may turn to be bad due to congestion, 
signal strength, etc. Hence when a node starts sending pack- 
ets to the destination using the Probabilistic Route Finding 
algorithm explained above, it is essential to find the goodness 
of a route regularly and update the pheromone counts for 
the different routes at the source nodes. To accomplish this, 
when a destination node receives a packet, it probabilistically 
sends a Congestion Update message to the source which 
informs the source of the REM value for that route. This 


Congestion Update message also serves an ACK to the source. 
This phase is responsible for generating alternative routes 
in case the existing route fails. Every packet is associated 
with acknowledgement; hence if a node does not receive an 
acknowledgement, it indicates that the link is failed. 

On detecting a link failure the node sends a route error 
message to the previous node and deactivates this path by 
setting the pheromone value to zero. The previous node then 
tries to find an alternate path to the destination. If the alternate 
path exists, the packet is forwarded on to that path else the 
node informs its neighbours to relay the packet towards source. 
This continues till the source is reached. On reaching the 
source, the source initiates a new route discovery phase. Hence 
ant algorithm does not break down on failure of optimal path. 
This helps in load balancing. That is, if the optimal path is 
heavily loaded, the data packets can follow the next best paths. 


VI. METRICS FOR POWER-AWARE BROADCASTING 


In networks broadcast operation is an important function. 
It can be used for sending critical control information or 
topology update information to all nodes. Flooding is the 
simplest algorithm to broadcast a packet in an ad hoc network. 
This simple technique does not require gathering any global 
topology information and thus requires little control overhead. 
The flooding scheme will complete broadcast with minimum 
hops, however, it will have many intermediate nodes retrans- 
mitting packets leading to excessive consumption of energy. 

Key intuition in this paper is that conserving power and 
carefully sharing the cost of routing broadcast packets will 
ensure that node and network life are increased. In order 
to conserve power, each nodes transmission must reach as 
many new nodes as possible. We can use a scheme where 
a broadcast tree is constructed starting from a source and 
expanding with a neighbour with highest outgoing degree. This 
is a greedy strategy and increases the number of nodes reached 
via broadcast aggressively in each step. This scheme will only 
use the topology information and we will call this scheme non- 
power-aware.The present several power-aware metrics that do 
result in energy-efficient broadcasting. 


e Minimize Energy consumed/broadcast: 
This is one of the most obvious metrics that reflects 
our intuition about conserving energy. Assume that some 
broadcast packet j traverses nodes nl,....nk where nl is 
the source and n2,...,.nk are the intermediate nodes that 
retransmit this packet 

e Maximize Time to Network Partition 
In the context of broadcast, as soon as the first node 
dies the network is said to be partitioned.. Unfortunately, 
optimizing this metric is very difficult if we need to 
simultaneously maintain low delay and high throughput 

e Minimize Variance in node power levels 
The intuition behind this metric is that all nodes in the 
network are equally important and no one node must be 
penalized more than any of the others. This metric ensures 
that all the nodes in the network remain up and running 
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together for as long as possible. Therefore, the goal will 
be to minimize the maximum node cost 

e Minimize Cost/Packet: 
If the goal is to maximize the life of all nodes in the 
network, then metrics other than energy consumed/packet 
need to be used. The paths selected when using these 
metrics should be such that nodes with depleted energy 
reserves do not become intermediate nodes on many 
broadcast trees. 

e Minimize Maximum Node Cost 
Let c(t) denote the cost of transmitting a packet through 
node i at time t. Define C(t) denote the maximum of the 
C(t)s. 


VII. CONCLUSION 


MANET is a network which employing wireless sensor 
network technology. The performance is evaluated in terms 
of the end-to-end delay, Packet delivery ratio, residual energy 
and throughput. The AODV and MAOMDYV routing protocols 
are implemented for both the standards. It is concluded that 
the MAOMDYV is best suited for designing a enhanced quality 
oriented protocol for better throughput, Packet delivery ratio, 
Residual energy and larger coverage area with lower delay in 
multihop. 
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Abstract—In recent years, due to the booming development 
of online social networks, fake news for various commercial 
and political purposes has been appearing in large numbers 
and widespread in the online world. With deceptive words, 
online social network users can get infected by these online 
fake news easily, which has brought about tremendous effects 
on the offline society already. An important goal in improving 
the trustworthiness of information in online social networks is to 
identify the fake news timely. This paper aims at investigating the 
principles, methodologies and algorithms for detecting fake news 
articles, creators and subjects from online social networks and 
evaluating the corresponding performance. This paper addresses 
the challenges introduced by the unknown characteristics of fake 
news and diverse connections among news articles, creators and 
subjects. 

Index Terms—¥Fake news, satire, parody, fabrication of news, 
hoax. 


I. INTRODUCTION 


propaganda that consists of deliberate disinformation or 

hoaxes spread via traditional news media or online social 
media. Digital news has brought back and increased the usage 
of fake news, or yellow journalism. The news is then often 
reverberated as misinformation in social media but occasion- 
ally finds its way to the mainstream media as well. Fake news 
is written and published usually with the intent to mislead 
in order to damage an agency, entity, or person, and/or gain 
financially or politically, often using sensationalist, dishonest, 
or outright fabricated headlines to increase readership. 


fE NEWS production is a type of yellow journalism or 


II. DIFFERENT TYPES OF FAKE NEWS 


There are different types of fake news. 


1) Satire or parody: This type of fake news has no 
intention to cause harm but has potential to fool. 

2) False connection: This is the type when headlines, 
visuals or captions don’t support the content. 

3) Misleading content: This is the misleading use of 
information to frame an issue or an individual. 

4) False context: This is the case where genuine content 
is shared with false contextual information. 

5) Impostor content: A case when genuine sources are 
impersonated” with false, made-up sources. 
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6) Manipulated content: The case when genuine infor- 
mation or imagery is manipulated to deceive, as with a 
*doctored” photo. 

7) Fabricated content: This is the case new content is 
100% false, designed to deceive and do harm. 


III. ANOTHER CLASSIFICATION OF FAKE NEWS 


In this section we consider another classification of fake 
news. 


1) Serious Fabrications (Type A, Figure 1A) 
Yellow press and tabloids present a wide spectrum of 
unverified new and uses eye-catching headlines (“click- 
baits”), exaggerations, scandal-mongering, or sensation- 
alism to increase traffic or profits (Yellow Journalism, 
2015). Tabloids specifically emphasize topics such as 
sensational crime stories, astrology, gossip columns about 
celebrities, and junk food news (Tabloids, 2015). Yellow 
journalism is a suitable source for fake news corpus in 
cases of obvious or exposed falsification, fabrication, or 
exaggeration, and may require investigation. 

2) Large-Scale Hoaxes (Type B, Figure 1B) 
Hoaxing is another type of deliberate fabrication or 
falsification in the mainstream or social media. Attempts 
to deceive audiences masquerade as news, and may be 
picked up and mistakenly validated by traditional news 
outlets. 

3) Humorous Fakes (Type C) 
We distinguish serious fabricated news from humorous 
ones. If readers are aware of the humorous intent, they 
may no longer be predisposed to take the information at 
face value. Technology can identify humor and promi- 
nently display originating sources (e.g., The Onion) to 
alert users, especially in decontextualized news aggrega- 
tors/platforms. 

4) Satire News 
Satire is a literary genre that employs humor when 
making commentary on individuals or activities and their 
perceived vices, shortcomings, or mistakes.In journalism, 
satire most commonly pokes fun at the news, or uses 
parody portrayed as conventional news. Satire is used 
in many works of literature to show foolishness or vice 
in humans, organizations, or even governments - it uses 
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A) exposed fabrications (Shingler, 2015); 


sarcasm, ridicule, or irony. For example, satire is often 
used to achieve political or social change, or to prevent 
it. One framework for humor, proposed by Ziv (1988), 
suggests five discrete categories of humor: aggressive, 
sexual, social, defensive, and intellectual. 


IV. FAKE NEWS DETECTION ON SOCIAL MEDIA 


Social media for news consumption is a double-edged 
sword. On the one hand, its low cost, easy access, and 
rapid dissemination of information lead people to seek out 
and consume news from social media. On the other hand, it 
enables the wide spread of fake news, i.e., low quality news 
with intentionally false information. The extensive spread of 
fake news has the potential for extremely negative impacts 
on individuals and society. Therefore, fake news detection 
on social media has recently become an emerging research 
that is attracting tremendous attention. Fake news detection 
on social media presents unique characteristics and challenges 
that make existing detection algorithms from traditional news 
media ineffective or not applicable. 


V. FAKE NEWS CHARACTERIZATION 


In this section, we introduce the basic social and psy- 
chological theories related to fake news and discuss more 
advanced patterns introduced by social media. Specifically, we 
first discuss various definitions of fake news and differentiate 
related concepts that are usually misunderstood as fake news. 
We then describe different aspects of fake news on traditional 
media and the new patterns found on social media. 


A. Definitions of Fake News 


Lots of things you read online especially in your social 
media feeds may appear to be truth,of is not.Fake news is 
a news,stories or hoaxes created by deliberately misinform 
or deceive reader.Usually these stories are created to either 
influence peoples views,push a political agenda or cause 
confusion and can often to be a profitable business for online 
publishers.Fake news stories can deceive people by looking 
like trusted websites or using similar name and web addresses 
to reputable news organization. 


Figure 1. Three Types of Fake News Form Three Sub-Tasks in Fake News Detection: 
B) large-scale hoaxes (Matt, 2015); 
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Figure 1: Fake news on social media: from characterization to detection. 
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B. Fake News on Traditional News Media 


Fake news itself is not a new problem. The media ecology 
of fake news has been changing over time from newsprint to 
radio/television and, recently, online news and social media. 
We denote traditional fake news as the fake news problem 
before social media had important eects on its production and 
dissemination. Next, we will describe several psychological 
and social science foundations that describe the impact of fake 
news at both the individual and social information ecosystem 
levels. 


C. Psychological Foundations of Fake News 


Humans are naturally not very good at differentiating be- 
tween real and fake news. There are several psychological and 
cognitive theories that can explain this phenomenon and the 
influential power of fake news. Traditional fake news mainly 
targets consumers by exploiting their individual vulnerabilities. 
There are two major factors which make consumers naturally 
vulnerable to fake news: (i) Nave Realism: consumers tend to 
believe that their perceptions of reality are the only accurate 
views, while others who disagree are regarded as uninformed, 
irrational, or biased Confirmation Bias: consumers prefer to 
receive information that confirms their existing views. Due to 
these cognitive biases inherent in human nature, fake news can 
often be perceived as real by consumers. Moreover, once the 
misperception is formed, it is very hard to correct it. 

1) Social Foundations of the Fake News Ecosystem: Con- 
sidering the entire news consumption ecosystem, we can also 
describe some of the social dynamics that contribute to the 
proliferation of fake news. Prospect theory describes decision 
making as a process by which people make choices based on 
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the relative gains and losses as compared to their current state. 
This desire for maximizing the reward of a decision applies 
to social gains as well, for instance, continued acceptance by 
others in a users immediate social network. 


D. Fake News on Social Media 


Social media provides a new paradigm of information cre- 
ation and consumption for users. The information seeking and 
consumption process are changing from a mediated form (e.g., 
by journalists) to a more disinter-mediated way. Consumers 
are selectively exposed to certain kinds of news because of 
the way news feed appear on their homepage in social media, 
amplifying the psychological challenges to dispelling fake 
news identified above. 


VI. FAKE NEWS DETECTION: PROBLEM STATEMENT 


Social media for news consumption is a double-edged 
sword. On the one hand, its low cost, easy access, and rapid 
dissemination of information lead people to seek out and 
consume news from social media. On the other hand, it enables 
the wide spread of fake news, i.e., low quality news with 
intentionally false information. The extensive spread of fake 
news has the potential for extremely negative impacts on 
individuals and society. 

Therefore, fake news detection on social media has recently 
become an emerging research that is attracting tremendous 
attention. Fake news detection on social media presents unique 
characteristics and challenges that make existing detection 
algorithms from traditional news media ineffective or not 
applicable. 

First, fake news is intentionally written to mislead readers 
to believe false information, which makes it difficult and 
nontrivial to detect based on news content; therefore, we 
need to include auxiliary information, such as user social 
engagements on social media, to help make a determination. 

Second, exploiting this auxiliary information is challenging 
in and of itself as users social engagements with fake news 
produce data that is big, incomplete, unstructured, and noisy. 


VII. METHODOLGY 


1) Feature Extraction 
News content features describe the meta information 
related to a piece of news. A list of representative news 
content attributes are listed below: 


e Source: Author or publisher of the news article. 

e Headline: Short title text that aims to catch the 
attention of readers and describes the main topic of 
the article. 

e Body Text: Main text that elaborates the details of 
the news story; there is usually a major claim that is 
specifically highlighted and that shapes the angle of 
the publisher. 

e Image/Video: Part of the body content of a news 
article that provides visual cues to frame the story. 


Based on these raw content attributes, different kinds of 
feature representations can be built to extract discrimi- 
native characteristics of fake news. Typically, the news 
content we are looking at will mostly be linguistic-based 
and visual-based. 

2) Model Construction 


e Since fake news attempts to spread false claims in 
news content, the most straightforward means of 
detecting it is to check the truthfulness of major 
claims in a news article to decide the news veracity. 

e Knowledge-based approaches aim to use external 
sources to fact-check proposed claims in news con- 
tent. The goal of fact-checking is to assign a truth 
value to a claim in a particular context. 

e Fact-checking has attracted increasing attention, and 
many efforts have been made to develop a feasible 
automated fact-checking system. 

e Existing fact-checking approaches can be catego- 
rized as expert-oriented, crowdsourcing-oriented, and 
computational-oriented. 


VIII. EXPERIMENTAL DESIGN 
A. Datasets 


Online news can be collected from different sources, such 
as news agency, search engines, and social media websites. 
However, manually determining the veracity of news is a 
challenging task, usually requiring annotators with domain 
expertise who performs careful analysis of claims and ad- 
ditional evidence, context, and reports from authoritative 
sources.Generally, news data with annotations can be gath- 
ered in the following ways: Expert journalists, Fact-checking 
websites, Industry detectors, and Crowd-sourced workers 


B. Evaluation Metrics 


Evaluate the performance of algorithms for fake news 
detection problem, various evaluation metrics have been used. 
In this subsection, we review the most widely used metrics for 
fake news detection. Most existing approaches consider the 
fake news problem as a classification problem that predicts 
whether a news article is fake or not: 


e True Positive (TP): when predicted fake news pieces are 
actually annotated as fake news; 

e True Negative (TN): when predicted true news pieces are 
actually annotated as true news; 

e False Negative (FN): when predicted true news pieces are 
actually annotated as fake news; 

e False Positive (FP): when predicted fake news pieces are 
actually annotated as true news. 


By formulating this as a classification problem, we can 
define following metrics: 


1) Precision = TP/(TP + FP) 

2) Recall= TP/(TP + FN) 

3) Fı = 2(Precisionn — Recall) /(Precision + Recall) 
4) Accuracy= (TP +TN)/(TP+TN + FP + FN) 
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These metrics are commonly used in the machine learning 
community and enable us to evaluate the performance of a 
classifier from different perspectives. Specifically, accuracy 
measures the similarity between predicted fake news and real 
fake news. 


IX. CONCLUSION 


With the increasing popularity of social media, more and 
more people consume news from social media instead of 
traditional news media. However, social media has also been 
used to spread fake news, which has strong negative im- 
pacts on individual users and broader society. In this article, 
we explored the fake news problem by reviewing existing 
literature in two phases: characterization and detection. In 
the characterization phase, we introduced the basic concepts 
and principles of fake news in both traditional media and 
social media. In the detection phase, we reviewed existing 
fake news detection approaches from a data mining perspec- 
tive, including feature extraction and model construction. We 
also further discussed the datasets, evaluation metrics, and 
promising future directions in fake news detection research 
and expand the field to other applications. 
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Abstract—Virtualization improves the efficiency of networks 
by allowing multiple virtual networks to share a single physical 
network’s resources. Next-generation optical transport networks 
are expected to support virtualization by accommodating mul- 
tiple virtual networks with different topologies and bit rate 
requirements. Meanwhile, Optical orthogonal frequency-division 
multiplexing (QOFDM) is emerging as a viable technique for ef- 
ficiently using the optical fiber’s bandwidth in an elastic manner. 
OOFDM partitions the fiber’s bandwidth into hundreds or even 
thousands of OFDM subcarriers that may be allocated to services. 
In this paper, we consider an OOFDM-based optical network and 
formulate a virtual network mapping problem for both static and 
dynamic traffic. This problem has several natural applications, 
such as e-science, grid, and cloud computing. The objective for 
static traffic is to maximize the subcarrier utilization, while 
minimizing the blocking ratio is the aim for dynamic traffic. 
Two heuristics are proposed and compared. Simulation results 
are presented to demonstrate the effectiveness of the proposed 
approaches. 

Index Terms—Virtual optical networks, OOFDM, elastic net- 
works, mapping, list scheduling, subcarrier, CapEx, OSNR esti- 
mation with nonlinear impairments. 


I. INTRODUCTION 


LASTIC optical networks (EONs) aim to improve net- 
E= capacity by using flexible spectrum channels and 


higher-order modulation formats. However, depending 
upon link lengths and the geographical area of a network, 
the choice of in-line amplifiers and reconfigurable optical 
add drop multiplexers (ROADMs) is crucial to achieve these 
aimed for high network capacities and also account for noise 
contributions. Recently, significant work has been done in in- 
line amplifiers and ROADMs to include nonlinear impairment 
(NLD in the Gaussian noise (GN) model. The result of this 
leads to network optimization based upon local optimization 
which leads to a global network optimization strategy. 
Traditional Wavelength Division Multiplexing (WDM) net- 
works rely on the fixed-size spectral grid standardized by 
the International Telecommunication Union (ITU), where the 
minimum granularity for provisioning traffic demands is a 
wavelength. Although such networks enable the transmission 
of high bit-rates per optical channel, such a rigid and coarse 
resource allocation leads to a poor utilization of the spectrum. 
To overcome this drawback, the SLICE architecture has been 
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recently proposed in . SLICE aims to offer a flexible network 
environment suitable for providing sub- wavelength granu- 
larity for low data-rate transmissions and super-wavelength 
granularity for ultra-high capacity transmissions .To cater to 
this explosive growth of capacity requirements, WDM systems 
have been fully studied and deployed in backbone networks. 


Il. NETWORK NLI TRANSMISSION MODEL 


In elastic optical networks, the success of providing high 
network capacity depends on the optical signal-to-noise ratio 
(OSNR) values of network light paths. As each light paths 
OSNR value defines the modulation format and capacity 
it can support, having high OSNR light paths is always 
beneficial. Hence, with a given set of modulation formats, 
service providers need to optimize their optical infrastructure, 
including in-line amplifiers and reconfigurable optical adddrop 
multiplexers (ROADMs). This will have a direct impact on 
vendors who need strong insight into the requirements of 
service providers and their networks in terms of equipment 
and new technology. Therefore, in this paper a comprehensive 
model based on the local optimization which leads to a global 
network optimization (LOGON) strategy of the Gaussian noise 
(GN) model has been proposed, which helps in estimating 
the light path OSNR and clearly quantifies the noise contri- 
butions from in-line amplifiers and post-amplification at the 
ROADMs. The model introduces closed-form expressions to 
calculate nonlinear impairment (NLI) contributions for various 
span lengths while using either erbium-dopedfiber amplifiers 
(EDFAs) or H-Raman amplifiers, which helps in optimizing 
the signal launch power to achieve maximum link OSNR. In 
addition to this, an offline strategy has been proposed that 
can help service providers to optimize their procurement of 
network if they do this. 

A small network topology is shown (see Figure 1) to 
demonstrate the working of the noise model. Starting with 
a higher signal power Pr, the signals are attenuated by the 
attenuators (gray) down to an optimum signal power, Piopt , 
as they enter an ith fiber link. 

Throughout the link, this optimum power profile is main- 
tained to reduce the effect of NLI. Each intermediate amplifier 
compensates for the previous span loss, apart from the last 
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Fig. 1. Network NLI Transmission model 


amplifier, which increases the signal power at the node back 
to Pr. The NLI noise power of an optical link can be calculated 
from the following equation. 

nNLI = (Pr/P8ct’) N (Pop) 3Xm(L) 
where Xm(L) is the normalized nonlinear coefficient calculated 
for each span of length of L km. 


A. Virtual Topology Mapping in Elastic Optical Networks 


Virtualization improves the efciency of networks by allow- 
ing multiple virtual networks to share a single physical net- 
works resources. Next-generation optical transport networks 
are expected to support virtualization by accommodating 
multiple virtual networks with different topologies and bit 
rate requirements. Meanwhile, Optical Orthogonal Frequency- 
Division Multiplexing (OQOFDM) is emerging as a viable 
technique for efciently using the optical bers bandwidth in 
an elastic manner. OOFDM partitions the bers bandwidth 
into hundreds or even thousands of OFDM subcarriers that 
may be allocated to services. In this paper, we consider 
an OOFDM-based optical network and formulate a virtual 
network mapping problem for both static and dynamic trafc. 
The objective for static trafc is to maximize the subcarrier 
utilization, while minimizing the blocking ratio is the aim 
for dynamic trafc. Two heuristics are proposed and compared. 
We rst provide a classication of virtualization problems. These 
problems are applicable to WDM- as well as OOFDM based 
optical networks. In general, these problems can be classied 
into Slice Provisioning problems or Virtual Network (VN) 
Mapping problems. 


e Slice Provisioning 
Specic model The slice request includes specic 
(sub)wavelengths of each physical link, specic ports of 
each optical device (e.g., optical cross-connetcs (OXC)). 
e VN Mapping 
In VN mapping each request is a virtual network topology 
including virtual nodes and/or virtual links. The provider 
assigns physical nodes to virtual nodes, and allocates 
(sub)wavelengths on each link to the virtual links. In 


both versions, the request may also include Bit Error Rate 
(BER) or survivability requirements. 


B. Fragmentation Aware Routing Spectrum Allocation Scheme 
Based Distribution of Traffic Bandwidth in Elastic Optical 
Networks 


Due to emerging services such as high-definition video 
distribution, cloud computing services, mobile applications, 
and data centers, the IP traffic volume is continually increasing 
by around 40% per year. It will be a continuous challenge for 
optical transport networks to serve this huge and heteroge- 
neous volume of traffic in a cost-effective and scalable way. 
With advanced modulation formats and digital equalization 
technologies, WDM networks are able to provide 40Gb per 
second, 100Gb per second, and even higher rates per channel 
with improved transmission distance. To reduce spectrum 
wastage, optical orthogonal frequency division multiplexing 
(O-OFDM) and Nyquist WDM have been introduced. These 
technologies utilize multicarrier transmission and provide 
much finer granularity (e.g., 12.5 GHz) than the ITU-T WDM 
grid (50 or 100 GHz). Empowered by these technologies, 
elastic optical networks (EONs) provide an efficient way to 
support variable traffic demands. Such a technological advance 
for EONs introduces challenges to resource allocation at the 
networking level. For an incoming traffic demand, the control 
plane of the EON needs to find a routing path and allocate 
enough consecutive spectrum slots on all the fiber links along 
the path to establish an end-to-end light path. This problem is 
called the routing and spectrum allocation (RSA) problem . As 
an upgrade of the traditional routing and wavelength allocation 
(RWA) problem in WDM networks, the RSA problem brings 
new constraints: 


e The same spectrum portion along the routing path be- 
tween the source node and the destination node should 
be occupied. 

e The entire bandwidth of the connection must be contigu- 
ously allocated. These two constraints are called the spec- 
trum continuity constraint and the spectrum contiguity 
constraint. 


IHI. RELATED WORKS AND CONTRIBUTIONS 


As one of the most important problems for EONs, the RSA 
problem has been widely investigated. To efficiently solve 
the dynamic RSA problem, we decompose the problem into 
two sub problems: routing and spectrum allocation. For each 
sub problem, we review previous schemes and present our 
opinions. 


A. Routing Subproblem 


The routing sub problem is about how to find a routing 
path from the source node to the destination node. The routing 
schemes collect the network resource information and select 
routing paths with available spectrum resources. To solve 
this problem efficiently, several aspects have to be taken into 
consideration. 


ə Minimizing the optical loss of the routing path 
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The routing schemes should minimize the routing paths 
hop number and length to achieve better BER perfor- 
mance and reduce the cost of the optical amplifier. This 
is called shortest-path routing (SPR), by which the RSA 
schemes allocate the routing paths with the least routing 
hop/length for traffic demands. 

e Load balancing 
In optical transport networks with mesh topologies, some 
links may be used more frequently ,so these links will 
bear much higher load than other links. Network re- 
sources can be allocated more effectively if the routing 
schemes take the load situation into consideration and 
avoid links with high loads. 

e Maximizing the available spectrum resources on rout- 
ing path 
The available spectrum resources on the routing path 
highly depend on the link load and the distribution of 
spectrum resources. The routing schemes aim to find 
a routing path that has the maximum possibility of 
accommodating the traffic requests. 


B. Spectrum Allocation Subproblem 


The spectrum allocation sub problem is about how to select 
a spectrum pattern (i.e., consecutive fraction of available 
spectrum slots). Among all the available spectrum resources 
on the routing path(s), the spectrum allocation schemes select 
a preferable one while maximizing the possibility for the rest 
of the resources to satisfy future incoming traffic. For EONs, 
the spectrum allocation schemes 


C. Lightpath Fragmentation for Efficient Spectrum Utilization 
in Dynamic Optical Networks 


Traditional Wavelength Division Multiplexing (WDM) net- 
works rely on the fixed-size spectral grid standardized by 
the International Telecommunication Union (ITU), where the 
minimum granularity for provisioning traffic demands is a 
wavelength . Although such networks enable the trans- mission 
of high bit-rates per optical channel, such a rigid and coarse 
resource allocation leads to a poor utilization of the spectrum, 
provided that the traffic between the remote endpoints of a 
connection is not enough to fill the entire wavelength capacity, 
which can rise up to 40 or 100Gbps. To overcome this 
drawback, the SLICE architecture has been recently proposed 
in. 

SLICE aims to offer a flexible network environment suit- 
able for providing sub- wavelength granularity for low data- 
rate transmissions and super-wavelength granularity for ultra- 
high capacity transmissions. The enabling technology for 
the SLICE architecture is Orthogonal Frequency Division 
Multiplexing (OFDM), jointly with the Bandwidth Variable 
Wavelength Cross Connects (BV- WXC). Despite the many 
advantages of OFDM, and its widespread use in wireless 
communications, OFDM has been recently introduced as a 
modulation format in optical communications. Through optical 
OFDM, data belonging to a single traffic demand is split in 
multiple lower bit-rate sub-carriers, providing fine-granularity 
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Fig. 2. Example of spectrum fragmentation in a dynamic scenario. 


capacity to the connections by elastically accommodating mul- 
tiple sub-carriers according to the demands needs. Moreover, 
thanks to OFDM properties, it is possible to efficiently serve 
super-wavelength traffic demands that require multiple sub- 
carriers, by allocating consecutive sub-carriers in the spectrum 
domain. 

Although optical OFDM provides SLICE with a highly 
spectrum-efficient and bandwidth-variable modulation format, 
it also poses new challenges to the resource assignment in 
the network. Indeed, classic Routing and Wavelength Assign- 
ment (RWA) solutions for WDM networks cannot be directly 
applied here since, instead of wavelengths -Looking at the 
literature, the RSA problem has been formulated both as 
an Integer Linear Programming (ILP) problem for the off- 
line planning scenario, or using lightweight heuristics for an 
on-line dynamic network scenario . In both scenarios, it is 
assumed that the useful bandwidth of an optical fiber can be 
discretized and divided into multiple Frequency Slots (FSs), 
being the width of a single FS much smaller than the width of 
the channels employed in a fixed-size grid scenario, such as 
the one defined by the ITU in. Given these assumptions, and 
considering that the bit-rate requested by a traffic demand can 
be converted into particular spectrum bandwidth needs, each 
traffic demand can be understood as a requested number of 
FSs between a source and a destination node. 

From the above, a demand must be accommodated on 
contiguous FSs. However, in dynamic scenarios, the available 
spectrum can be highly fragmented, mostly due to the random- 
ness shown by those connection arrivals and disconnections 
in the network, which can highly penalize those connection 
requests demanding high data-rates (i.e., a significant number 
of contiguous FSs). Fig. 1 illustrates this situation. In Fig. 
l.a, a certain number of connections, with different bandwidth 
requirements, is established over a given network link. After 
some time, in Fig. 1.b, one of these connections is released, 
thus freeing a portion of the spectrum in that link. Finally, 
in Fig. 1.c, a new high data-rate connection request arrives at 
the network and should be allocated on the link under study. 
Even though the total spectrum available on that link would 
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be enough to allocate the new connection, such spectrum is 
fragmented into smaller portions than the contiguous spec- 
trum requested by the incoming connection, which eventually 
causes its blocking. 


D. Proposed Mechanism 


Before going into the details of our proposed mechanism, 
let us discuss how the requested bandwidth by a demand 
can be translated into a specific number of FSs. To this 
end, we assume that the requested bit-rate can be converted 
into a requested bandwidth (i.e., spectrum portion), whatever 
the specific modulation format used to reach the desired 
destination node would be. Then, the number of FSs needed 
by a demand is equal to the ceiling of the division between the 
bandwidth of the demand and the spectral width of a single 
FS. It shall be mentioned, though, that existent BV- WXC 
technologies require guard bands between signals to perform 
the switching adequately. Hence, considering the presence of 
the guard bands as well, the number of FSs to allocate a 
demand is: 


No. of FSs = (Req. BW + Guard band) /(FS width) 


As expected, the guard band technological requirements 
may increase the number of FSs initially needed to allocate 
an incoming demand and, thus, the difficulty to allocate the 
demand on the fragmented network spectrum. 

The proposed mechanism tries to take advantage of the 
available fragmented spectral resources, when a connection 
blocking situation may arise due the lack of enough contiguous 
FSs to serve its entire bandwidth requirements. With this in 
mind, the foundation of the mechanism is the following. If 
a traffic demand can not be served because the number of 
requested FSs exceeds the size of any available spectral gap 
in the candidate paths between the source and destination 
nodes, it may still be possible to accommodate it by splitting 
the demand into multiple independent lower data-rate signals, 
and allocate them into multiple non adjacent spectral gaps, 
assuming that enough spectral resources exist in any of those 
candidate paths. 


E. Graph model-based Dynamic Routing and Spectrum As- 
signment in Elastic Optical Network 


In recent years the concept of the elastic optical network 
was proposed and very quickly .Be utilization. Analogues to 
the routing and wavelength assignment problem in traditional 
wavelength routed networks, routing and spectrum assignment 
is the most basic and critical resource management issue in 
EON’s. In this work we exploit and modify the layered graph 
model, which is a wll known RWA model, to design two RSA 
heuristic algorithm named LG-FF and LG-SP. additionally 
we also derive an analytical model to estimate the number 
of required layerd graphs. Numerical results demonstrate that 
LG-SP can achieve the same blocking performance level with 
significant time complexity reduction as compared to the near 
optimal solution. 


Dynamic routing and spectrum assignment problem in elas- 
tic optical network with multiple fibers per link. The proposed 
path selection and spectrum management scheme is demon- 
strated to improve spectrum efficiency. With the dramatic 
growth of internet traffic, multiple fibers per links.multi fiber 
links provide more flexibility in switching frequency slots that 
prior schemes are not designed to fully utilise. 


F. Related Work 


Auxiliary graphs are widely used to solve resources alloca- 
tion problems, especially in optical networks. The illustrated 
an auxiliary graphs called a layerd graphs to solve the RWA 
problem.This model contains W layered graphs when there are 
W wavelengths per fiber link. 


G. Proposed Scheme 


1) Motivation and problem definition 
The fiber grid and unique spectrum contiguity constraints 
in EONs, directly extending the traditional layered graph 
model from the wavelength to the subcarrier level evi- 
dently is not an intelligent approach. For better adaptabil- 
ity to bandwidth granularity, we proposed an enhanced 
layered graph model to deal with the RSA problem while 
reducing both time and space complexity as much as 
possible. This model is suitable for both the grid and 
gridless spectrum standards. 

2) Layered Graph Model 
For better readability we summarise the notation used 
in this subsection in table. layered graph can reflect the 
utilisation status of a frequency slots. To discriminate the 
physical topology G=(V, E) from a layered graph. Here 
the network topology and expected traffic pattern into 
account and propose a novel and efficient solution for 
path selection and spectrum assignment that optimizes 
the state of the network after assignment. 


a) Network Model 
The network consist of a set of optical crossconnects 
and links. End nodes are connected to each OXC 
so that every OXY can be origin or destination of 
connection requests. Each link contains multiple fibers 
and the no of fibets on each link may be defferent. All 
fibers consists of same number of frequency slots. 

b) Path Selection 
Commonly used routing schemes such as fixed single 
shortest path or one of many paths selected dynami- 
cally suffer from either poor performance or high com- 
plexity.the network topology and traffic loads for each 
node pair. The selection probabilities for all candidates 
path are computed offline via a mixed integer linear 
program whose objectives is to minimise both avarage 
maximum traffic load overall fibers. 

c) Spectrum Assignment 
When a request arrives a path is selected to accom- 
modate the request by simply using the probability 
distribution computed. After a path is chosen for the 
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arriving request, SA is performed to assign continuous 
FSs to that request. 
d) Results 

Performance evaluation result for the NSF network. 
Each link has a random number of fibers. Connections 
requests arrive to the network according to a poission 
process, with a mean holding time of 1.the request 
arrival rate is varied in order to examine the net- 
work performance under varifying offered loads.Cloud 
computing allowed user to access large computing 
platforms like data-centers. In order to do this the 
networking architecture that supports cloud comput- 
ing has to be highly scalable, agile and resilient. The 
data centers could either be intra-datacenter or inter- 
datacenter. 


IV. CONCLUSION 


The Open-flow based software defined networking offers an 
intelligent and unified control plane that facilitates optimized 
utilization of switching and transport resources in the inter 
and intra-data center networks. There is still a considerable 
amount of work to be done before all benefits of the EON 
can be fully utilized. With the rapid explosion of online 
services, the supporting optical networks need to grow at rates 


never experienced before. We must continue to leverage new 
technological developments, such as those described in this 
paper, to maintain leadership in this space.Present NSA, a 
next state aware spectrum assignment scheme that partitions 
the spectrum along with a path selection scheme to solve the 
RSA problem in multi fiber EONs. Results show that NSA 
performs significantly better than other RSA schemes in the 
literature. The Open-flow based software defined networking 
offers an intelligent and unified control plane that facilitates 
optimized utilization of switching and transport resources in 
the inter and intra data center networks. 
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Abstract—This work gives a short description of some selected 
agile methodologies a comparative study of them based on several 
criteria. The first criterion reviews the volume of methodology 
in which project management is used in developing information 
systems. The second criterion shows if the processes, defined by 
methodology, cover appropriate phases of the life cycle. The last 
criterion shows if methodology indicates the use of skills and 
tools in the life cycle phases of developing information systems. 
Finally, the work compares, according to the key elements of 
development, traditional methodologies with agile methodologies. 

Index Terms—Agile development, information system, tradi- 
tional methodology. 


I. INTRODUCTION 


50 years. Software development started off as a messy 
activity often mentioned as code and fix. The software 
was written without much of a plan, and the design of the 
system was determined from many short term decisions. This 
worked well for small systems but as systems grew it became 
more difficult to add new features and bugs were harder to fix. 
Traditional methodologies are plan driven in which work 
begins with the elicitation and documentation of a complete 
set of requirements, followed by architectural and high level 
design development and inspection. Due to these heavy as- 
pects, this methodology became to be known as heavyweight. 
The name “agile” came about in 2001, when seventeen 
process methodologists held a meeting to discuss future trends 
in software development. They noticed that their methods had 
many characteristics in common so they decided to name these 
processes agile, meaning it is both light and sufficient. Agile 
methodologies are gaining popularity in industry although they 
compromise a mix of accepted and controversial software 
engineering practices. Most companies today focus on deliv- 
ering quality and gaining customer satisfaction and in order 
to accomplish this, the challenge lies in choosing between 
traditional development methodologies and agile development 
methodologies. 
Though both these approaches have positives and negatives 
aspects, making the right choice plays a crucial role while 


S OFTWARE has been part of modern society for more than 
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starting a new project. The main points to consider while 
choosing your development methodology are as follows: 


e Business Need: Impact of implementing specified re- 
quirements, on customers business 

e Customer Perception: Customer perspective of business 
impact 

e Project Time Frame: Defined time frame for the real-time 
implementation of the project 


II. SOFTWARE DEVELOPMENT LIFE CYCLE 


Software Development Life Cycle (SDLC) is an environ- 
ment that describes activities performed in each stage of the 
software development process. SDLC consists of a detailed 
plan that describes how the development, maintenance and 
replacement of specific software is conducted. This is also 
known as software development process. It aims to define 
all activities required to develop and maintain software. The 
various stages of a typical SDLC are the following: 


1) Requirements analysis and planning 

2) Definition of requirements 

3) Product architecture design 

4) Product implementation or development 
5) Product testing 

6) Market operation and maintenance 


II. TRADITIONAL SOFTWARE DEVELOPMENT 
METHODOLOGY 


Traditional software development methodologies are based 
on pre-organized phases/stages of the software development 
lifecycle. Here the flow of development is unidirectional, 
from requirements to design and then to development, then 
to testing and maintenance. In classical approaches like the 
Waterfall model, each phase has specific deliverables and 
detailed documentation that have undergone a thorough review 
process. 

Traditional approaches are suited when requirements are 
well understood for example, in industries like construction, 
where everyone clearly understands the final product. On the 
other hand, in rapidly changing industries like IT, Traditional 
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development procedures might fail to achieve project goals. 
Below are the major disadvantages of traditional SDLC meth- 
ods. 

1) Problem statement / business need has to be defined well 
in advance. The solution also needs to be determined in 
advance and cannot be changed or modified. 

2) The entire set of requirements have to be given in the 
initial phase without any chance of changing or modify- 
ing them after the project development has started. For 
example, the user might have given initial requirements to 
analyse their products in terms of sales. After the project 
has begun, if the user wants to change the requirement 
and analyse the data on the region-wise movement of 
products, the user can either wait till the completion of 
initial requirements or start another project. 

3) The user cannot conduct intermediate evaluations to make 
sure whether the product development is aligned so that 
the end product meets the business requirement. 

4) The user gets a system based on the developer’s under- 
standing and this might not always meet the customer’s 
needs. 

5) Documentation assumes high priority and becomes ex- 
pensive and time consuming to create. 

6) There are less chances to create/implement re-usable 
components. These disadvantages hinder project delivery 
in terms of cost, effort, time and end up having a major 
impact on customer relationships. 

7) Testing can begin only after the development process is 
finished. Once the application is in the testing stage, it is 
not possible to go back and edit anything which could 
have an adverse impact on delivery dates and project 
costs. 

8) Occasionally, projects get scrapped which leads to the 
impression of inefficiency and results in wasted effort 
and expenditure. Traditional development methodologies 
are suitable only when the requirements are precise i.e., 
when the customer knows exactly what they want and 
can confidently say that there wont be any major changes 
in scope throughout the project development. It is not 
suitable for large projects such as maintenance projects 
where requirements are moderate and there is a great 
scope for continuous modification 


IV. AGILE SOFTWARE DEVELOPMENT METHODOLOGY 


Unlike the traditional approaches of SDLC, Agile ap- 
proaches are precise and customer friendly. Users/Customers 
have the opportunity to make modifications throughout project 
development phases. The advantages of Agile over traditional 
development methodologies include: 

e Though the problem statement/business need and solution 

are defined in advance, they can be modified at any time. 

e Requirements/User Stories can be provided periodically 

implying better chances for mutual understanding among 
developer and user. 

e The solution can be determined by segregating the project 

into different modules and can be delivered periodically. 


e The user gets an opportunity to evaluate solution modules 
to determine whether the business need is being met thus 
ensuring quality outcomes. 

e It is possible to create re-usable components. 

e There is less priority on documentation which results in 
less time consumption and expenditure. 


Agile proposes an incremental and iterative approach to 
development. Consider Agile Scrum Methodology to get good 
understanding of how Agile processes work. Scrum Master 
plays an important role in Agile Scrum Methodology. A Scrum 
Master interacts daily with the development team as well as the 
product owner to make sure that the product development is in 
sync with the customers expectations. The following diagram 
illustrates the lifecycle process in Agile methodologies. 


Sprint 1-n 


Fig. 1. 


Agile Lifecycle 


During project inception, the customer splits the initial set of 
requirements into User Stories. The Scrum Master or Product 
owner organizes these User Stories and segregates them into 
different Sprints. In general, Sprint contains 3-4 User Stories 
to be delivered in 4 to 5 weeks, these are approximate figures 
and they will be decided based the complexity of user stories. 
Once the Sprint planning is done, the selected User Stories 
are once again split into Tasks so that the developer can have 
a clear roadmap to deliver quality output. At the end of each 
Sprint, the customer gets a chance to review and predict the 
final outcome and can propose changes if any. 


V. KEY POINTS WHILE MAKING THE TRANSITION FROM 
TRADITIONAL TO AGILE METHODOLOGIES 


e Identify the factors which made the transition necessary 

e Everyone, including the user, should be clear about the 
reasons which lead to the transition 

e Identify whether it is a small project or big project 

e Note the current stage of the project to be transitioned, 
whether development has started or is yet to start 

e Make sure the team has a good understanding of the new 
approach and have adapted to their respective roles as per 
the new approach 

e Arrange necessary training for the team 


VI. AGILE VS TRADITIONAL APPROACHES 


The main difference between traditional and agile ap- 
proaches is the sequence of project phases requirements 
gathering, planning, design, development, testing and UAT. In 
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traditional development methodologies, the sequence of the 
phases in which the project is developed is linear where as in 
Agile, it is iterative. Below picture illustrate this difference. 


Fig. 2. Comparison with Waterfall Model 


The main project variables like cost, time, quality etc., can 
be compared as shown in the following picture. 
Traditional Approach Agile Approach 


Fined 


Fig. 3. Comparison 


Things like project scope and requirements change during 
the project which make IT projects different from construction 
or engineering projects. Agile methodology like Scrum is 
preferable in projects involving large teams where we can 
expect frequent changes in requirements. As development 
phases like requirement gathering, design, development and 
testing can start in parallel, the entire team can be engaged in 
respective areas which increases productivity and speeds up 
the development process. 


VII. 


See Table I for a detailed comparison of the agile and 
traditional software development methodologies. 


A COMPARISON CHART 


VIII. HOW CAN WATERFALL AND AGILE WORK 
TOGETHER 


While it’s tempting for proponents of agile methodolo- 
gies to claim they work best for every development project, 
that’s simply not the case. While agile project management 
methodologies can generally be used for any development 
project and will often provide some powerful benefits, sit- 
uations definitely arise when more traditional methods like 


Waterfall are the smarter way to go .For example, large, 
enterprise-wide development efforts in which the user is being 
led through a Standardized processes are completed more 
efficiently using Waterfall methods. On the other hand, teams 
developing mobile applications which must be highly flexible 
and quickly updated due to the nature of the ecosystem they’re 
created for will likely find Agile methods more conducive to 
success. However, in the real world of project management 
and development, many projects are not completely black or 
white. They actually benefit most from a hybrid approach that 
takes advantage of the strengths of both Agile and Waterfall 
methodologies without allowing them to get in each other’s 
way 


IX. PROS AND CONS 


Of course, blending these two methods into a hybrid project 
requires some level of compromise from both sides. In contrast 
with a strictly Waterfall project, a hybrid project has to give up 
some level of certainty in exchange for the flexibility afforded 
by the Agile aspects of the development process. Similarly, 
in contrast with an Agile project, a team working on a hybrid 
project may find their freedom limited by water-fall’s planning, 
budgeting and scheduling Constraints. Through adequate com- 
munication and effective cooperation between team members 
and diverse teams, however, the hybrid approach can often be 
the most effective means of completing complex projects with 
shifting requirements 


X. MOST FREQUENT APPLIED AGILE METHODOLOGIES 


e Extreme programming (XP) 

e Scrum 

e Crystal Methods 

e FDD (Feature-driven development 

e DSDM (Dynamic Systems Development Method) 
e ASD (Adaptive Software Development) 

e Lean development and some others 


XI. COMPARISON OF DIFFERENT AGILE METHODOLOGIES 


The supposition for the choice of an appropriate Agile 
methodology is to know well its comparative advantages in 
relation to all the available alternatives. The simplest way to 
make decision is to do it by the analysis of reports generated 
and based on the other experiences in their applications. 
However, researches show that there are not a critical number 
of such reports, connected to agile methodologies, in order to 
compare them. Therefore, the need to compare them scientifi- 
cally is evident. Any kind of comparing agile methodologies, 
without traditional-formal methods, is extremely susceptible 
to subjectivity. Introducing the quasi-formal approach of com- 
parison, the problems caused by subjectivity are prevented, 
the problems appearing with the non-formal approach. It is 
possible to establish the quasi-formal method of comparison 
in many ways: 

e Describing conditionally ideal methodologies, and then 

by comparing and evaluating the selected methodologies 
relating to it. 
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TABLE I 
COMPARISON CHART 


Po Traditional development Agile development 


Fundamental 
hypothesis 


Systems are 


fully 
predictable and are developed throug 
extended and detailed planning 


High quality adaptive software is 
specifiable, developed by small teams that use the 
n | Principle of continuous improvement of 

design and testing based on fast feed- 
back and change 


Management style Command and control Leadership and collaboration 


Knowledge management 


Explicit 


Tacit 


Communication Formal Informal 


Development model 


Organizational structure 


User requirements 


YY castanrestad: = —— “tI of restart 


or modified models) 


Mechanic 

formalization), 

organization 
Detailed and 


High 


Life cycle model (waterfall, 


(bureaucratic, 
targeting 


defined 
ee eer e 


Spiral 
Evolutionary-delivery model 


high Organic (flexible and participative, 

large encourages social cooperation), 
targeting small and medium 
organizations 


Interactive input 


direction 


Testin ena : i 
After coding is completed Every iteration 
Gientinvowement [tow T 


Additional abilities 
required from developers 


Developers 


Interpersonal iliti 
Nothing in particular knowledge of the business 


abilities and basic 


Ped e o Oriented on plan, with adequate| Agile, with advanced knowledge, co- 
abilities, access to external knowledge | located and cooperative 


With access to knowledge, cooperative, 


Clients representative and 


empowered 


Dedicated, knowledgeable, 
Diiia representativeand 
mpowered 


Very stable, known in advance Sy with rapid changes 
Architecture Design for current and predictable | Design for current requirements 
requirements 


| Expensive = 


Remodeling 


is E) teams and projects Small teams and projects 


Primary objectives High safety 


e Identifying the set of basic characteristics deduced from 
the set of known methodologies, and then by comparing 
every methodology with the identified set. 

e Formulating a priory hypothesis about the requirements 
connected to the methodology. Then, it is necessary to 
test the formulated hypothesis by practical evidence from 
comparative methodologies. 


XII. COMPARISON USING PROCESS MAP 


One of the possible referential frameworks for comparison 
is to establish four potential quadrants, based on the following 
characteristics set on the coordinate axes: 


e Level of documentation. The level of documentation 
is represented on the horizontal axis, as well as the 


Quick value 


existence of formalities in the observed methodology. i.e. 
the existence of completely defined instructions and rules 

e Sequential/Iterative approach. The relationship of the 

sequential approach (linear approach, with integration and 
testing in the later phases of development and with the 
high level of risk) and iterative approach (the approach 
oriented to the risk minimization, with continual integra- 
tion and testing and with development in the rows of 
iterations) is represented on the vertical axis. 

The analysis of the preciously described characteristics 
of compared agile methodologies placed into the referent 
framework. The above figure draws a conclusion that the 
majority of illustrated methodologies are in the third quadrant. 
All the methodologies, found in the third quadrant, use the 
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Fest quadr am 


Second quedrant 


Fourth quadrant 


Fig. 4. Process Map 


iterative approach in development. They suggest a minimal 
use of documentation and formality, and therefore, they are 
ideal for using in small and on complex projects. 


XIII. CONCLUSION 


The basic philosophy of agile methodologies is that the 
process of development is considered as a creative process that 
can be planned, but the detailed plan is always unrealistic. 
Success is delivering value for money. In contrast to this, 


traditional methodologies deal with the process of develop- 
ment as the process of making the future solution, so it is 
advisable to make a detailed plan of activities. Success is 
meeting the initial predictions of cost and schedule. The Agile 
methodologies are methodologies where software development 
is incremental (small software releases, with rapid cycles), 
cooperative (customers and developers working together with 
close communication) and adaptive (the method itself is easy 
to learn and modify, well documented) and adaptive (able to 
make last moment changes). 

No matter what model is chosen for developing software 
applications, this activity involves complex processes that are 
often predisposed to errors. That is why, beyond agility or 
traditionalism, an important role goes to testing and validation. 
Any high quality software system, with professional develop- 
ment and implementation must be tested and validated before 
going into production. The client must know that the system 
was developed and implemented according to the project 
specifications. 
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Abstract—Electronic Commerce industry is exploding at a 
fast pace. One of the key aspects of electronic commence is 
payments. There are different methods to pay electronically. 
These can be through credit cards, electronic cheques, electronic 
cash, debit cards, or charge cards. This paper discusses the 
major electronic payment methods namely credit card processing, 
electronic check processing, and electronic cash. It presents and 
overview of each architecture, and describes two commercial 
implementations of the architecture. The paper also analyses 
and compares the payment methods and reveals their advantages 
and disadvantages, issues and challenges of electronic payment 
system, solution and adoption. 

Index Terms—Electronic payment, credit card, debit card, 
electronic transaction. 


I. INTRODUCTION 


LECTRONIC payment system is a mode of payments 
over an electronic network such as the internet. In other 


words we can say that e-payment is a method in which a 
person can make Online Payments for his purchase of goods 
and services without physical transfer of cash and cheque, 
irrespective of time and location. Electronic payment system 
is the basis of on-line payments and on-line payment system 
development is a higher form of electronic payments. It makes 
electronic payments at any time through the internet directly 
to manage the e-business environment. In real world we have 
two distinct types of payment systems.With the advancement 
in technology and popularity of Internet, the perception of 
making online transactions is bound to gain momentum. In 
the future, the payment modes currently used and supported 
shall see a declining trend owing to the numerous benefits 
offered by electronic payment systems. 


II. LITERATURE REVIEW 


In real world we have two distinct types of payment 
systems: 


A. Internet Based Payment System 
1) E-cash 
E-cash is purely software based; anonymous, untraceable, 
online token payment system, available on UNIX, Win- 
dows as well as Macintosh platform. When the tokens 
purchased by customers, the e-Cash software stores the 
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digital money on the customers personal computer which 
is under signed by the bank. The users can easily spend 
digital money at any shop accepting e-Cash without 
giving credit card details to the shopkeeper. 

Credit Card 

Credit card is a plastic card issued to the users to lent 
money for purchase of goods and services. The customer 
type the card number, expiry date and billing address on 
the order form and the vendor can verify the details and 
be confident of payment.There are four main partners in 
a Credit Card transaction. The Issuing Bank is the bank 
that maintains the account of the buyer and issues a Credit 
Card to the buyer. The issuing bank also sets a limit 
on the amount of purchases that can be made using the 
card and the percentage of interest on the unpaid portion 
of the bill. The cardholder is also known as the buyer 
in the transaction. The cardholder initiates a transaction. 
The merchant is the seller of goods and services. The 
merchant maintains an account with a bank or a financial 
institution known as the acquirer. Acquiring institutions 
contracts with merchants to enable them to accept credit 
card transactions and charges a certain percentage of fees 
for the transaction.A Credit Card Payment is a two-step 
process: 


e Authorization 
e Capture/Settlement 


Authorization is a process in which the merchant veri- 
fies the cardholder’s identification and credit limit. Cap- 
ture/Settlement is the process of actual transfer of funds 
from the cardholder’s account to the merchant’s account. 
The Internet Fraud Watch (IFW) pro-gram was estab- 
lished in 1992 by the National Consumers League to 
monitor consumer fraud. Card Issuers have provided 
certain tools for detecting fraud in a Card Not Present 
transaction. Address Verification Value (AVV): AVS com- 
pares the billing address of the credit card number sup- 
plied by the merchant with the billing address stored in 
the card issuing banks database. Card Verification Value 
2(CVV2)/Card Identification (CID): Card Verification 
Value 2, or CVV2 now appears on the back of most Visa 
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cards in the signature section after the credit card account 
number. American Express also has come out with a 
similar 3 digit called CID. This three-digit number helps 
validate that the customer is in possession of a genuine 
and legitimate card. Secure Electronic Transaction: In 
1995, Visa and MasterCard began to develop a standard 
for processing credit card transactions over the Internet. 
Called Secure Electronic Transaction (SET), the new 
standard would not only encrypt transactions but also link 
them with a digital signature that would fulfill the same 
role as the physical signature used in stores. 
3) Debit Card 

A debit card is a banking card enhanced with Automated 
Teller Machine and point of sale features so that it can 
be used at merchant locations. A Debit card is linked 
to an individuals bank account, allowing funds to be 
withdrawn at ATM and point of sale without writing a 
cheque. A Debit card holder pay directly through bank 
for his purchases. It replaces physical cash and cheque. 
In debit card system customers deposit in advance in to 
the bank and withdraw at the time of purchase.There are 
two types of debit card which are used in real world: 


e Online debit card 
e Offline debit card 


4) Smart Card 

A smart card was first produced in 1977 by Motorola. It 
is a thin, credit card sized piece of plastic which contains 
a half-inch-square area that serves as the cards input- 
output system. A smart card contains a programmable 
chip, a combination of RAM and ROM storage and can 
be refilled by connecting to the bank. It is known as smart 
card because the ability of chip to store the information 
in its memory makes the card smart. 


B. Electronic Transaction-Based Payment System 


There are four models of Electronic Transaction-based Pay- 
ment System 


1) Secure Electronic Transaction 
Secure electronic transaction is a system of online pay- 
ments for ensuring the security of financial transactions 
on the internet. The SET specification is an open, tech- 
nical standard for commerce, developed by VISA and 
master card. It facilitates secure payment card transac- 
tions over the internet. Digital certificate create a trust 
change throughout the transactions, verifying cardholders 
and merchant validity. 

2) Cyber Cash 
Cyber cash is a web based service that automatically 
processes and verifies customers credit card information 
then debiting the customers account and crediting the 
merchants account electronically. Cyber cash servers act 
as a gateway between the merchant on the internet 
and banks secure financial network. For the purpose of 
security in electronic payments system this system uses 
the digital signatures. 


3) NetBill 
Net bill is a micro payment system. Net bill payment 
system uses internet for purchasing goods and services 
and makes secure and economical payments for them. 
The net bill server maintains account for both consumers 
and merchants, which allows customers to pay merchants 
for goods to be delivered. The goods are delivered in 
digital form. There is a money tool software which 
verifies receipts of goods. So, net bill system of electronic 
payment enables the communication between money tool, 
the merchant server and net bill server. 
4) First Virtual Holdings 

First virtual is one of the first internet payment system 
that offered a third party verification method to make pay- 
ment over the internet. The first virtual payment system 
is unique in the sense that it does not use encryption. A 
fundamental philosophy of the payment-system is that 
certain information should not travel over the internet 
because it is open network. These informations basically 
related with credit card information. Instead of using 
credit card numbers, the transactions are complete by 
using a first virtual PIN, which is issued by first virtual 
company. These PIN numbers can be sent over the inter- 
net because it works like Id and no merchant can charged 
the users account without receiving a confirmation e-mail 
from him. 


III. ELECTRONIC CHECK PROCESSING 


Check Processing (ECP) is an electronic payment process 
designed to debit consumers checking accounts for payment 
of goods and/or services. The Financial Services Technology 
Consortium (FSTC) is an organization involved in introduc- 
ing a standard for electronic check processing. ECP can be 
achieved in one of two ways for processing: 

e By using the Automated Clearing House (ACH) network 
when the customers bank is a member of a financial 
institution. 

e By generating a facsimile draft at the direction of the 
merchant or when the customers bank is not a participant 
of the ACHnetwork 

The payer issues a check to the payee. Check contains the 
digital signature of the payer. The digital signature is generated 
based on some public key based identity scheme. Variations of 
an electronic check can provide the functionalities of traveler’s 
check or a certified check. If the currency field is changed, 
then and electronic check can be used as a traveler’s check. If 
the check contains the signature of the payer’s bank, then it 
becomes a certified check. The consumers are also provided 
with an electronic checkbook tostore the secret key, certificate 
information and check information. Digital envelopes are used 
to transmit the electronic check to the payee. Payee endorses 
the check using the secure hardware device and forwards 
the check to the payee’s bank. Deposited checks are settled 
by either directly debiting the customers checking account 
electronically through the ACH system, or by creating a 
facsimile draft and depositing it on the merchant’s behalf 
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(whichever method is deemed better for the transaction). There 
are 3 steps that occur when the check is forwarded by the 
merchant’s bank to the financial network. 

Validation occurs on every ECP transaction submitted. The 
validation process includes format and data edit checks, bank 
routing number checks and comparison to the data stored in 
the database. 

Verification permits merchants to compare each transaction 
to an external negative file to locate accounts, which have 
a history of bad checks outstanding or are closed for cause. 
Prenotification permits merchants to validate account informa- 
tion prior to submitting an ACH transaction for deposit. FSML, 
the Financial Services Markup Language, is an SGML like 
mark-up language designed to allow the creation of electronic 
financial documents. 

Implementations of Electronic Cash Payment System are 
Net Check, Netbill. 


IV. ELECTRONIC CASH PAYMENT SYSTEM 


Cash Payment is the earliest and the most popular form of 
payment. David Chaum who is called the father of digital 
cash” first proposed the concept of electronic cash. Electronic 
cash offers added convenience and costs involved for banks 
and merchants are greatly reduced.There are two ways in 
which Electronic Cash Payment Systems can be implemented: 
using Smart Card Technology or using an electronic mint. 


A. E-cash 


An E-cash or Electronic cash is a kind of system which per- 
mits a consumer (person) to make payment for objects/goods 
or services by a way of transmitting a number from one 
computer (PC) to another (PC). Un-like the real cash it is 
anonymous and reusable that is when digital cash is sent from 
a consumer to a seller, there is no way to get information about 
the buyer. When the person purchase digital cash certificates 
the money is withdrawn from persons account. Thus an E- 
cash or electronic cash is digital money that is used for online 
purchasing.To perform e-cash transactions, users need specific 
software on his/her PC to enable him/her to download money 
from their bank account into their cash wallet on their PC. In 
the process of buying, customers perform an exchange with 
the downloaded money with the vendor for the product they 
make apurchase. 

In an e-cash transaction the consumer is required to down- 
load and install software called electronic wallet on his/her 
computer (PC). So, as to get DigiCash, an electronic wallet 
is used by consumer to create digital coins, and thus, these 
created coins are sent to the bank to get signed. And after the 
coins are signed, the equivalent amount of money is withdrawn 
from the persons (customers) account of concerned bank. In 
case of when the person interested in making a purchase, 
he/she suppose to send signed digital coins to the Vendor. 
On the contrary the vendor cross-verifies the banks signature 
and performs the deposit of the coins into the bank, where 
they are credited to the vendors account in the respectivebank. 
Specifically, e-cash must have the following four properties: 
monetary value, Interoperability, irretrievability, and security. 


B. Working Of E-Cash 


Electronic cash is based on cryptographic systems called 
digitalsignatures.This method involves a pair of numeric keys 
(very large integers or numbers) that work in tandem: one 
for locking (or encoding) and the other for unlocking (orde- 
coding).Messages encoded with one numeric key can only be 
decoded with the other numeric key and noneother.The encod- 
ing key is kept private and the decoding key is madepublic.By 
supplying all customers (buyers and sellers) with its public 
key, a bank enables customers to decode any message(or 
currency) encoded with the banks private key. 

The purchase of e cash from an on-line currency server (or 
bank) involves two steps. 


e Establishment of an account 
e Maintaining enough money inthe account to back the 
purchase. 


C. Phases in an e-cash transaction 


A Person(Customer) purchases an e-cash from Bank 


Bank sends e-cash bits to customer (after charging that amount plus bank's charges.) 


Customer sends e-cash to Vendor/busimessman 


Vendor/busineeman checks with Bank that e-cash is valid (check for forgery or fraud) 


Participant Bank cross-verifies that e-cash is valid. 


Both Vendor & Customer completes transaction: e.g., Vendor presente-cash to issuing back for 
deposit once goods or services are delivered. 


Fig. 1. 


Phases in an e-cash transaction 


V. ISSUES AND CHALLENGES OF ELECTRONIC PAYMENT 
SYSTEM 


1) Lack of Usability : Electronic payment system requires 
large amount of information from end users or make 
transactions more difficult by using complex elaborated 
websites interfaces. For example credit card payments 
through a website are not easiest way to pay as this 
system requires large amount of personal data and contact 
details in web form. 

2) Lack of Security : Online payment systems for the 
internet are an easy target for stealing money and personal 
information. Customers have to provide credit card and 
payment account details and other personal information 
online. This data is sometimes transmitted in an un- 
secured way, (Kolkata and Whinston, 1997). 
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3) Issues with e-cash : The main problem of e-cash is that it 
is not universally accepted because it is necessary that the 
commercial establishment accept it as payment method. 
Another problem is that when we makes payment by 
using e-cash, the client and the salesman have accounts 
in the same bank which issue e-cash. The payment is not 
valid in other banks. 

4) Lack of Trust : Electronic payments have a long history 
of fraud, misuse and low reliability as well as it is new 
system without established positive reputation. Potential 
customers often mention this risk as the key reason why 
they do not trust a payment services and therefore do 
not make internet purchases (Lietaer, 2002). Electronic 
payment systems are not an exception of it. It means 
these are not successful without acceptance of users. 
Electronic payment system is an innovative way for on- 
line payments. Issues are not accepting easily because of 
lack of security in changing business-environment. Online 
payment system requires improvement of information 
technology. The failure of electronic payment system is 
depend on the factor that it neglects the needs of users 
and the market. 

5) Lack of Awareness : Making online payment is not an 
easy task. Even educated people also face problems in 
making online payments. Therefore, they always prefer 
traditional way of shopping instead of online shopping. 
Sometimes there is a technical problem in server cus- 
tomers tried to do online payments but they fails to do. 
As a result they avoid it. 

6) Online Payments are not Feasible in Rural Areas : The 
population of rural areas is not very literate and they are 
also not able to operate computers. As they are unaware 
about technological innovations, they are not interested 
in online payments. So the online payment systems are 
not feasible for villagers. 

7) Highly Expensive and Time Consuming : Electronic 
payment system are highly expensive because it includes 
set up cost, machine cost, management cost etc and this 
mode of payment will take more time than the physical 
mode of payment. 

8) Security issues that threaten the e-payment systems: 
The most common threats include viruses, worms and 
Trojan horses. Viruses are spread via email or by down- 
loading infected files. Viruses are a nuisance threat that 
can be categorized as a Denial of Service (DoS) tool due 
to the fact that they only disrupt electronic communica- 
tions. 


Nowadays there are thousands of different types of com- 
puter viruses and internet malicious programs. Malicious soft- 
ware can easily attack the mobile banking payment system 
by taking up passwords on the web browser or any cached 
information on operating system. For example the Zeus Trojan 
was used to target mobile bank users by inflicting defect SMS 
banking. Worms can be categorized as special viruses that 
spread using direct Internet connections. They are standalone 


programs that do not require a host program for activation and 
spread themselves independently from computer to computer 
by exploiting security vulnerabilities or configuration errors in 
operating systems or applications. 

Trojan horse programs launched against client systems 
pose the greatest threat to the e-Payment systems because 
they can bypass or subvert most of the authentication and 
authorization mechanisms used in an electronic transaction. 
The Trojan horses aim to spy on sensitive data (e.g. passwords, 
confidential data, etc.) and send it back to their owners to 
gain access to third-party computers and thus take control 
of them remotely. Trojans are normally disguised as appli- 
cations that are useful to users of the computers they infect. 
These programs can be installed on a remote computer by 
the simplest of means, for example an email attachment or 
when users visit certain websites and download a so called 
*harmless” program. As they do this, a key logger program 
that has bound to the downloaded program is also installed 
on their computer without their knowledge. When the users 
log into their banks website, the information keyed during the 
session will be captured and sent to the attacker. This is one 
of the most effective ways of stealing information because it 
captures everything the user is doing on his device. The key 
loggers or spyware, as they are also known are particularly 
dangerous because they can trace any kind of activity a user 
performs on his computer system. 

Another common method that is used to disrupt the security 
of the e-payment system is a denial-of-service attack (DoS) 
or a distributed denial-of-service attack (DDoS) that involves 
hackers placing software agents onto a number of third- 
party systems and setting them off to simultaneously send 
requests to an intended target. By doing this they attempt to 
make computer resources unavailable to its intended users (for 
example flooding” a network in order to prevent access to a 
service or a particular device by disrupting the service and 
not allowing access to a specific device). The DoS attacks 
typically target sites or services hosted on web servers such 
as banks or credit card payment gateways. The illegitimate use 
involves the use of information by unauthorized persons or for 
unauthorized purposes. 

Phishing and Pharming are methods used to solicit personal 
information by posing as a trustworthy organization. In recent 
years both pharming and phishing have been used for online 
identity theft information. Phishing attacks use email or ma- 
licious websites to solicit personal information. Usually the 
attacker sends an email seemingly from a reputable credit 
card company or financial institution that requests account 
information, often suggesting that there is a problem. When 
users respond with the requested information, attackers can 
use it to gain access to the accounts. Pharming is a type 
of fraud that involves diverting the client Internet connection 
to a counterfeit website, so that even when he enters the 
correct address into his browser, he ends up on the forged 
site. Pharming can be conducted either by changing the hosts 
file on a victims computer or by exploitation of a vulnerability 
in DNS server software. 
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VI. METHODS TO OVERCOME OF PROBLEMS IN 
ELECTRONIC PAYMENT SYSTEMS 


1) Encryption : Online shopping are very sensitive to notion 
that e-commerce is insecure, particularly when it comes 
to online payments. Most online payment systems use 
an encryption system to add security to the transmission 
of personal and payment details. There are various en- 
cryption schemes in use to prevent from frauds of online 
payments. 

2) Digital Signature : The parties involved in online pay- 
ments, transactions should use digital signatures in order 
to ensure authentication of transactions. 

3) Check Whether the Country is a High Risk Country 
: Always require closer inspection for orders that being 
shipped to an international address. Pay more attention 
if the card or the shipping address is in an area prone 
to credit card fraud. According to a Clear Commerce 
survey, the top 12 international sources for online fraud 
are Ukraine, Indonesia, Yugoslavia, Lithuania, Egypt, 
Romania, Bulgaria, Turkey, Russia, Pakistan, Malaysia, 
and Israel. The same survey also showed that the 12 
countries with the lowest fraud rates are Austria, New 
Zealand, Taiwan, Norway, Spain, Japan, Switzerland, 
South Africa, Hong Kong, the UK, France, and Australia. 
IP Geolocation service can identify the country of origin 
for businesses that need more information. It is helpful 
in maintaining the authentication in online payments. 

4) Firewalls : A firewall is an integrated collection of secu- 
rity measures designed to prevent unauthorized electronic 
access to a networked computer system to protect private 
network and individuals machines from the dangers of the 
greater internet, a firewall can be employto filter incoming 
or outgoing traffic based on a predefined set of rules 
called firewalls policies. There are 3 policy actions of 
firewalls: 


e Accepted: Permitted through the firewall. 

e Dropped: Not allowed through with no indication of 
failure. 

e Rejected: Not allowed through accompanied by an 
attempt to inform the sources that the packet was 
reject. 


There are two fundamental approaches to create firewall 
policies to effect minimize vulnerability to the outside 
world while maintaining the desire functionality for the 
machines in the trusted or individuals computer. These 
are : 


e Blacklist Approach 
e White list Approach 


5) Compare the credit card issuing Banks Country 
with the Billing Address Country : Another key point 
to bear in mind is to check the issuing country and 
the billing address. Make sure the issuing country and 
billing address country are the same. This is especially 
important, because minor banks may not have rigorous 
identification procedures. 


6) Call the credit card issuing bank to verify the validity 
of credit card : If online merchants have any suspicions 
about an order and need to confirm the details of the 
order, they can call the issuing bank and ask to confirm 
the general account details. This is to make sure that the 
card is not stolen. The issuing bank phone number is 
based on the first 6 digits of credit card number known 
as the Bank Identification Number (BIN). 

7) Request more identification in case of doubts : While 
consumers value their privacy and require quick web 
site ordering facilities, it is important to gather sufficient 
customer identity details during the ordering process. The 
customer’s name, credit card number and expiry date is 
not enough. Merchants should call them for verification 
through phone or request a photo ID to be faxed if they 
have any doubts. 


VII. SOLUTIONS 


An effective authentication program should be implemented 
to ensure that controls and authentication tools are appropriate 
for all e-payment based products and services. No single 
control or security device can adequately protect a system 
connected to a public network. The method and system can 
be augmented by requesting for different security credentials 
such as PIN, cryptographic key, digital signature, biometrics, 
etc to establish multiple layers of authentication. 

The electronic payment system with a higher number of 
authentication factors may have higher secure level. This 
means that an electronic payment system with higher authenti- 
cation factors will have a stronger security level which lowers 
or reduces the fraud vulnerability of the electronic payment 
system, and this eventually boost users confidence. 

In order to properly protect the e-payment system both 
technical and legal solutions must be found. 

Biometric based authentication and identification systems 
are the new solutions to address the issues of security and 
privacy that are expected in the future years. Biometrics can 
become a possible solution that allows the automatic identifi- 
cation of a person based on her physiological or behavioural 
characteristics. It provides a better solution for the increased 
security requirements of our information society. As biometric 
sensors continue to become less expensive, the public will 
realizes that biometrics is actually an effective strategy in case 
of fraud, making this technology more likely to be used in 
every transaction needing authentication. 


VIII. ADOPTION / ECONOMIC GROWTH OF E-PAYMENT 


Globalization in todays world is the result of innovative 
technological endeavors. The advancement in technology has 
changed the skyline of payment systems, moving towards e- 
World. The effectiveness of executing financial transactions 
and also a more secure and faster access to funds, among 
different other components, has put e-payment system on a 
more celebrated pace than the paper money based framework. 

Interestingly, in Nigeria, e-payment framework is picking 
up eminence to the degree that clients have now wanted to do 


Aswathy Gopakumar C et al, ’Evaluation of Electronic Payment Systems” 


78 


Proceedings of Vidya MCA Departmental Seminar (VMCADS - 2019), 22-23 November 2019 
Department of Computer Applications, Vidya Academy of Science & Technology, Thrissur — 680501 


financial transactions without going to the banks. Thus, time 
of money based payment framework is slowly blurring out as 
the cashless economy dominates present day financial systems. 
Lately e-payment system has turned into a standard through 
which fiscal element moves advantageously, particularly in a 
developing country like Nigeria where it is habitual to carry 
cash. In such a country, the e-payment system has shaped into 
an important starting point of her present-day economy. In the 
meantime, the initiative for an economy that is not based on 
cash will be preferred in the new era only when it is supported 
with age advantage, good education, ownership of important 
innovative foundations, among different other components, 
appropriatelyset up by every concerned individual of the 
economic system and proficiently managed before forcing the 
citizens to comply. 

Likewise, World Payments Reports (2012) investigated the 
state and advancement of worldwide non-paper money systems 
and discovered non-cash payments make it less demanding and 
speedier for individuals and organizations to purchase products 
and enterprises, thrusting cash into the framework quicker and 
adding to the GDP. The conclusion of the review was like that 
of who investigated principal connection between electronic 
retail payment and general financial development utilizing 
information from over 27 European nations from 1995 to 2009 
and came to know that relocation to proficient electronic retail 
payment empowers general financial development, utilization 
and exchange. The chief financial advantage of EPS involves 
mobilizing investment funds and guaranteeing a large portion 
of the cash accessible to the nation and with the banks, making 
funds accessible to borrowers (organizations and people). 
Moreover, an electronic system of payment can track spending 
of a particular individual. 


IX. CHALLENGES WHEN ADOPTING ONLINE PAYMENT 
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Fig. 2. Challenges when adopting online payment 


X. RESEARCH METHODOLOGY 


Conventional techniques of payment incorporate bankex- 
changes, debi tcards, andcreditcards.In2014, the quantity of 
cards with a function of payment improved up to 766 million 
in the EU. The measure of exchanges by means of cards 


was 47.5 billion, with an aggregate estimation of 2.4 trillion 
dollars. However, individuals incline towards other choices or 
local solutions of payment. The scene of optional payments 
has advanced and isbelieved toassert 55% of e-Commerce 
revenue by 2019. 


A. Online Payment Systems in Europe 


When it comes to paying for the goods the customers 
ordered online, the shoppers in Europe prefer to pay through 
third-party payment systems such as PayPal. Visa and Master- 
Card are also popular followed by domestic credit and debit 
cards (Ecommerce News 2017. Cited: 27.10.2017). 
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Fig. 3. Online payment methods in Europe (Ecommerce News 2017. Cited: 
27.10.2017) 


B. Online Payment Systems in China 


In 2017, AliPay was the leading third-party payment 
provider in China with 34.71%, Union Pay ranked next with 
22.44%, while Tencent Finance which provides Chinas largest 
internet company takes a market share of 15.37%. (Ryan SEO 
Shifu Blog 21.08.2017. Cited: 27.10.2017) 


XI. CONCLUSION 


One of the technological innovations in banking, finance and 
commerce is the Electronic Payments. Electronic Payments 
enables us to perform financial transactions electronically fast 
and easily. Although it provides a number of benefits .we must 
use the technology available for the moment to guarantee a 
reasonable minimum level of security on the network. With 
respect to the payments methods they have been analysed in 
this work, it is impossible to say that any one of them is 
perfect, although each one of them has advantages as opposed 
to others. If the client wants to maintain privacy, then they 
choose those payment methods which guarantee a higher level 
of privacy such as E-cash or Net Bill Checks. If the priority 
is security, they should use, Smart Cards. Both consumers 
and service providers can benefit from e-payment systems 
leading to increase national competitiveness in the long run. 
The successful implementations of electronic payment systems 
depends on how the security and privacy dimensions perceived 
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Fig. 4. 


Online Payment methods in China (Ryan SEO Shifu Blog. Cited: 


27.10.2017) 


by consumers as well as sellers are popularly managed , in 
turn would improve the market confidence in the system.The 
significance of electronic payment systems inglobal trade and 
commerce is quite evident from the changing modern trends. 
Their scope ranges from one dollar transactions to several 
million dollar transactions. 
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Implementaion of IoT in 
Health Care, Home, Farm and Green House 
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Abstract—Internet of Things (IoT) conceptualizes the idea of 
remotely connecting and monitoring real world objects through 
the internet. This technology has the ability to transfer data 
over a network without requiring human-to-human or human- 
to-computer interaction. This paper describes the implementation 
of IoT in homes, health care-monitoring, agricultural farms and 
greenhouse monitoring systems. 

Index Terms—Internet of things (IoT), health care, greenhouse, 
farm. 


I. INTRODUCTION 


DVANCED technology can bring benefits to the major- 

ity of people. In the recent years, the Internet of Things 

has begun to play a major role in daily lives, extending 
our perceptions and ability to modify the environment around 
us. 

The advancement in the new innovative technology and IoT 
has had a substantial influence in the health care system. A 
major aspect in the health care system is the monitoring of 
the patient’s vital signs such as temperature, blood pressure 
and heart rate. When it comes to our house, this concept can 
be aptly incorporated to make it smarter, safer and automated. 
It focuses on building a smart wireless home security system 
which sends alerts to the owner by using internet in case of 
any trespass and raises an alarm optionally. 

Installing IoT in agriculture farm has improved effectiveness 
and efficiency of the farmers. It can help evaluate field vari- 
ables such as soil state, atmospheric conditions and biomass 
of plants and animals and also can be used to asses control 
variables such as temperature, humidity etc. The development 
of internet technology has brought to the development of 
agricultural modernization. Agricultural IoT has become the 
inevitable trend of agricultural information through the remote 
monitoring and control of greenhouse, the greenhouse moni- 
toring system realized the precise measurement and real-time 
control of greenhouse. 


A. Health Care Monitoring 


Health-related issues have been regarded as one of the 
main problems which directly impact quality of life of a 
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person and development of the nation.Avoidance of health 
care monitoring negatively results in many aspects. Among 
the extensive applications enabled by the Internet of Things 
(IoT), digital health care is a mainly essential one. It provides 
a new life to the health care field. One of the better ways is 
where the doctors are able to certainly and quickly use the 
relevant patient information through the help of internet of 
things to take Suitable actions. Health care is the preservation 
and betterment of health via identification, diagnosis, treatment 
and prevention of diseases, sickness, wound and other physical 
and mental damage in humans. A major aspect in the health 
care system is the monitoring of the patien’s vital signs such as 
temperature, blood pressure and heart rate. Many monitoring 
devices that display the patient’s vital signs are commonly 
present in the critical care units in operating rooms. But there 
could be instances where the doctor cannot be alerted in time 
when there is an emergency, despite of 24 hours of monitoring. 
Also the data cannot be shared remotely with the other doctors 
who are specialists in that field and the family members. 
Technology that enables all these activities are available but 
arent accessible and affordable by many people in developing 
nations. Hence, the problem can be overcome by using Internet 
of things. 


Fig. 1. 


Block diagram 


Block diagram is shown in Figure 1. The diagram is divided 
into two parts: Transmitter and receiver. In the transmitter 
section all the sensors are connected to the raspberry pi 
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processor which does acquisition and processing and stores 
the processed data in the database which is on cloud. In the 
receiver section a Web page is built and data collected is 
displayed on the web page by an authorized person. Also, 
the doctor is alerted in case of emergency. The design of the 
system is divided into two parts: hardware components and 
software components. 

Hardware components are temperature sensor, ECG sensor, 
heart rate sensor, blood pressure sensor, accelerometer, Rasp- 
berry Pi. Software component is the Server. The interconnec- 
tion between various components is established and once the 
system is turned ON, the procedure begins. The sensors are 
connected to the body of the patient. 

e The sensors gather the information of the patient i.e. its 
heart rate, body temperature, weight, ECG, body position. 
This is the data acquisition step. 

e After the data is gathered the information is transformed 
to be fed as a input to the Raspberry Pi. The transforma- 
tion step converts the analogue data to digital form. 

e This information is given to the Raspberry Pi for pro- 
cessing. The processing step checks for every one of the 
parameters whether they are in the specified range. 

e On the off chance that the information is inside the 
defined range it creates a report for storage purpose. This 
is the storage step. If the data is not in determined range 
that demonstrates that the patient is in a critical/abnormal 
state thus it sends an alert to the doctor. 


In view of the caution the specialist will analyze the 
patient’s treatment. The doctors can login and see the patient’s 
information. Doctors can see every single past record of a pa- 
tient and recommend drugs and changes in medicine. Likewise 
patients are given one of a kind client id and password to see 
their records. The proposed system which uses sensors for 
sensing multiple factors such as patient’s body temperature, 
heart rate, ECG (Electrocardiography),blood pressure, body 
position all together. 

The goal of creating such a system is to decrease health 
care costs by diminishing doctor office visits, hospitalizations, 
and demonstrative testing method. Many further upgrades can 
be made in the proposed system to improve it and make it 
effortlessly versatile. 


B. Medicine Reminder 


Generally for home based health care the arrangement in- 
clude communications, imaging, sensing and human computer 
interaction technologies embattled at diagnosis, treatment and 
monitoring patients without disturbing the quality of lifestyle. 
It can be possible the development of a low cost medical 
sensing,communication and analytics device that is real-time 
monitoring internet allowed patients physical conditions. 

Internet of Things (IoT) network will provide active and 
real-time appointment of patient, hospitals, caretaker and doc- 
tors apart from this the secured data transmission from source 
point to destination for the purpose of remote monitoring 
there is need of the architecture of a low cost embedded 
platform for Web-based monitoring. The distant monitoring 


is made possible by using various biomedical devices, they 
measure and transmit data via Bluetooth or ZigBee to a unit 
that manages them (PC, iTV). The collected information may 
be stored on the device or sent to a collection center that 
provides a complete monitoring, for both health professionals 
and patients. Access to the medical center can be allowed, 
via web, from mobile device or PC. The IOT and RFID 
combination also play a vital role in object detection and 
personal identification which can be use categorized the person 
while remote monitoring when number of people information 
have observed which will helpful to unique identity to each 
patient and their respective data will be stored. 


C. Home Automation and Security 


Nowadays, there is a growing demand of automation and 
intelligent systems so that it leaves us with less human 
intervention and smart decision making devices. 

The currently built prototype of the system sends alerts to 
the owner over voice calls using the Internet if any sort of 
human movement is sensed near the entrance of his house 
and raises an alarm optionally upon the users discretion. The 
provision for sending alert messages to concerned security 
personnel in case of critical situation is also built into the 
system. On the other hand if the owner identifies that the 
person entering his house is not an intruder but an unexpected 
guest of his then instead of triggering the security alarm, the 
user/owner can make arrangements such as opening the door, 
switching on various appliances inside the house, which are 
also connected and controlled by the micro-controller in the 
system to welcome his guest. The same can be done when the 
user himself enters the room and by virtue of the system he can 
make arrangements from his doorstep such that as soon as he 
enters his house he can make himself at full comfort without 
manually having to switch on the electrical appliances or his 
favorite T.V. channel for an example. Thus using the same 
set of sensors the dual problems of home security and home 
automation can be solved on a complementary basis. 

The alerts and the status of the IoT system can be accessed 
by the user from anywhere even where Internet connectivity 
may not be readily available (since it is not necessary for 
the mobile phone to be connected to internet only board 
is required to have an access to Wi-Fi). The existing infra- 
red (IR) or Blue-tooth remote controls present in the market 
are in general appliance specific and the same cannot be 
used interchangeably. Electrical appliances connected through 
Bluetooth making use of Blue-tooth enabled smart phones 
cannot be managed from a distant location. Thus functions 
such as being able to turn on an air-conditioner while returning 
home cannot be done with such systems. In contrast, this work 
gives a cost effective and simple solution for wireless home 
automation and home security systems. 

The difficulty faced by current home security/surveillance 
systems in providing information pertaining to the situation 
to users while being away from home is tried to overcome 
in this project. The subsequent sections of the paper have 
been organized as follows: a comparative analysis between the 
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proposed system and the existing solutions has been provided 
in section II featuring the benefits of the proposed system over 
the existing ones. Section II illustrates how the system has 
been implemented, while sections IV and V goes into greater 
detail about working of the individual components present in 
the system and the overall functioning. 


Il. A SMART SECURITY SYSTEM 


PIR motion sensors are installed at the entrances of a 
building. These sensors as explained earlier detect the motion 
of human beings. This signal which detects their presence 
becomes the input trigger for the micro-controller. The owner, 
who may or may not be present in that building, will be 
receiving a voice call on his mobile phone (whose number 
is predefined in the program) stating that There is an Intruder 
in the House. To turn ON the lights and alarm at house so that 
the intruder will be warned, the owner can press 1 from his 
mobile keypad. Moreover if the owner finds that his building 
is not safe, he can send an SMS to the concerned authority in 
police department; explaining his situation. The module will 
turn OFF the alarm and lights after a fixed time delay. The 
call will be triggered again as soon as the module detects any 
unexpected motion and the owner will receive the call again 
and the process continues so on.(To ensure the safety from 
other entrances too, motion sensor should be installed at those 
places and will be controlled by a single micro-controller). 


A. Smart Home Automation System 


This application of the module can be explained by an 
example. Suppose the owner is expecting a guest at his house 
but he is not available there. Now, as the guests reach at his 
house the owner will receive a video call. But now the owner 
can press digits other than | (such as 3 for lights, 4 for fan, 5 
for A.C., and so on) or even can disable the security system. 
Similarly if the user or somebody leaves the house, the user 
will still receive a video call and this time he can switch off the 
appliances or can enable the security system again by pressing 
proper digits known to him. Since the appliances are connected 
to mains supply through a relay they can be easily controlled 
using micro-controller. 


B. Smart Agricultural Farm 


Advanced technologies can bring benefits to the majority 
of people. In the recent years, the Internet of Things (IoTs) 
has begun to play a major role in daily lives, extending our 
perceptions and ability to modify the environment around us. 
Particularly the agro-industrial and environmental fields apply 
IoTs in both diagnostics and control. In such optimization 
of agriculture, installing a Wireless Sensor Network (WSN) 
in the field has improved effectiveness and efficiency of the 
farmers. It can help evaluate field variables such as soil state, 
atmospheric conditions, and biomass of plants or animals. 
It can also be used to assess and control variables such as 
temperature, humidity, vibrations, or shocks during product 
transport. Moreover, WSN can be used to monitor and control 
factors that influence crop growth and yield. They can also be 


used to determine the optimum time to harvest, which farmer 
is more suitable for what conditions, detect diseases, control 
machinery, etc.. In this study, we focus on data consisting of 
temperature, humidity, and soil moisture in the crop fields. 
The proposed system is implemented with three parts i.e. 
control box, web-based application, and mobile application. 
The control box keeps electronic devices in a waterproof box. 
The control box could be located anywhere in farm or near the 
farm, having the soil moisture sensors, solenoid valve, DHT22 
sensor, and an ultrasonic sensor connected to the control box. 
In this study, IoTs is applied to the soil moisture sensors to 
measure the humidity of crop soil and to control switching 
on-and-off water sprinklers automatically. The solenoid valve 
was used to control water flow with on/off action. The DHT22 
sensor was used to control the humidity of mushroom farm. 
Ultrasonic sensor was applied to measure the level of water in 
the chicken farm. The second part is a web-based application 
that gets agriculture information from NodeMCU. It accesses 
the internet via Wi-Fi connection. The web-based application 
was implemented to manage agricultural plots and to manage 
watering of crop, or to analyze what is suitable watering. Fig. 
8 provides an example web page presenting the water need 
and IoTs information from each installation. Moreover, this 
part involves the agriculture data analysis that is explained in 
Section 4. The final part was implemented in order to interface 
with the farmer. The mobile application is used to control 
on-off switching of the electrical system by the farmer. This 
application has 2 modes; automatic and manual. The automatic 
system was activated when IoTs devices were detected with 
defined values of field sensors without user input. The farmer 
can take over the control and turn the water on or off with 
the mobile application. Fig. 9 is an example of the mobile 
application to control watering. The main functions of the 
application are monitoring watering, set-up of crop details in 
each plot, and notifications via LINE application. 


C. Green House Monitoring 


With the development of society, traditional forms of agri- 
culture cannot satisfy peoples needs, so agriculture must be 
change to satisfy peoples needs. The development of Internet 
technology has brought light to the development of agricultural 
modernization, agricultural Internet of things has become 
the inevitable trend of agricultural information. Through the 
remote monitoring and control of greenhouse, the green- 
house monitoring system realized the precise measurement 
and real time control of the greenhouse. Also the greenhouse 
monitoring system can implement the scientific management 
methods, improve crop disaster prevention ability and increase 
production. The greenhouse monitoring system is designed 
to satisfy the need of the remote monitoring and control of 
greenhouse. In this paper the design of the gateway will be 
introduced and the gateway is the core of the system. The 
IOT gateway is a join point of public network and wireless 
sensor network in greenhouse monitoring and control system. 
And the function of the gateway is realized data gathering, 
upload and processing remote user control information. The 


Blessy Poulose et al., *Implementation of IoT in Health Care, Home, Farm and Green House” 83 


Proceedings of Vidya MCA Departmental Seminar (VMCADS - 2018), 22 - 23 November 2018 
Department of Computer Applications, Vidya Academy of Science & Technology, Thrissur — 680501 


acquisition and 
control sysiem 


of 
Node 1 8 


Fig. 2. Structure of Green House Monitoring System 


gateway is based on modularization method and the using of 
the method improved the compatibility and better meets the 
needs of complex agricultural environment. Because of the 
electric and network is instability, the design can realize the 
cable and wireless communication between the gateway and 
the upper computer, if all the network lose connection, the data 
will be stored in the SD card, and send to the upper computer 
when established network connection. 


D. Structure of the Greenhouse Monitoring System 


This greenhouse monitoring and control system is designed 
to solve the problem when there are dozens Of greenhouses in 
agricultural production base. If each greenhouse communicates 
with the remote Server independently, the construction is big 
and the cost is high. So we need gateway to gathering data 
And send to the remote server unified.In terms of function, the 
greenhouse monitoring and control system includes acquisition 
and control two parts. The function of acquisition is transfer 
data From ZigBee coordinator to MCU, and then the MCU 
encapsulate data into the appropriate format and Transfer to 
the upper computer. The function of control is transfer data 
from upper computer to MCU, and then the MCU encapsulate 
data into the appropriate format and transfer to the acquisition 
and control system through Zig Bee coordinator. 


E. Ethernet Communication 


This design realizes Ethernet communication via LwIP pro- 
tocol. LwIP protocol communicates with underlying hardware 
and top applications via interface. LwIP contains 4 layers; 
physical layer isto complete driver of Ethernet controller. 


III. CONCLUSION 


For home health care various technology have evolved as 
review considered, in this paper medicine, its scheduling have 
well focused which is beneficial to improve efficiency of 
prescribed drug and reduce economic factor. To improve the 
existing home health care techniques, a number of monitor- 
ing technologies have been observed which leads to home 
health monitoring system. The monitoring system can be 
implemented with sensing element and wireless module which 
should need to secure so that message containing the health 
related information should not be corrupt. 

The IOT gateway connect wireless sensor network with the 
Internet, ensure the operation of the greenhouse monitoring 
system, and make it convenient to remote monitoring large- 
scale greenhouse, also make it easy to fine planting. The 
practical application approved that the gateway run fine in the 
greenhouse monitoring system, the environment data of the 
greenhouse can transfer reliably, and the control instruction 
sent timely. This design realizes remote intelligent monitoring 
and control of greenhouse, and is helpful to farms to scientific 
and rational planting crops. So this design has certain of value 
to popularize. 

In Home Automation & Security low cost and flexible home 
control and monitoring system using Android based Smart 
phone is proposed and implemented. The proposed architec- 
ture utilizes RESTful based Web services as an interoperable 
application layer for communicating between the remote user 
and the home devices. Any Android based Smart phone with 
built in support for Wi-Fi can be used to access and control 
the devices at home. 

In this paper we have proposed a multidisciplinary approach 
for smart agriculture using five key technologies: Internet of 
Things, Sensors, Cloud Computing, Mobile Computing and 
Big-Data Analysis. Through real time sampling of soil farmer 
will be able to get current fertilizer requirements for the crop. 
This is an essential requirement towards agriculture sector in 
India to get improved crop production with reduction in cost of 
fertilizer requirements keeping soil health intact. As the data 
is collected over the years for crop details and soil conditions, 
this model provides Big-Data analysis for best crop sequence, 
next crop to be cultivated for better production, total crop 
production in the area of interest, total fertilizer requirements, 
and other data of interest can be analysed. 
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Abstract—Digital image processing is concerned with acquiring 
and processing images. The main feature of image processing 
is altering and improving the image quality. Features of im- 
age processing includes noise removal, image compression and 
merging of images. Image is a representation of an object either 
in colour or in grays-cale. Image is a two-dimensional light 
intensity function. Digital image processing is the use of computer 
algorithms to perform those operations. It also deals with the 
improvement of pictorial information for human interpretation 
and also processing image data for storage, transmission and 
representation for autonomous machine perception. 

Index Terms—Image processing, digital image, enhancement, 
noise removal. 


I. INTRODUCTION 


digital image to remove the noise as well as any 

kind of irregularities present in the image with the 
help of digital computer. The noise as well as many other 
irregularities may find their way into the image either during 
its transformation or processing for any applications. Image 
processing is used in many different fields like remote Sensing, 
medical imaging, film industry, document processing, printing 
industry, etc. 


Te basic idea of image processing refers to process 


II. IMAGE PROCESSING TECHNIQUES 


The commonly used major image processing techniques are 
as follows: 


e Image preprocessing 
e Image enhancement 
e Feature extraction 

e Image classification 
e Image segmentation 


A. Image Pre-processing 


In image pre-processing, image data will be recorded by 
sensors on a satellite restrain errors, which related to geometry 
and brightness values of pixels inside the image. These errors 
are corrected using appropriate mathematical models which 
are either definite or statistical models 
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B. Image Enhancement 


Image enhancement technique is to modify the image by 
changing the pixel count values in order to improve its visual 
impact. Image enhancement involves a collection of techniques 
which are used to improve the visual appearance of an image, 
or to convert the image to a form which is better suited for 
human or machine interpretation. The enhancement process 
may not increase the inherent information content in the data. 
It simply emphasizes certain specified details to enhance the 
visual appeal 

Some of the enhancement techniques are the following: 

1) Contrast Stretching: Some images (eg: over water bod- 
ies, deserts, dense forests) are homogeneous i.e. they do not 
have much change in their pixel levels. In terms of histogram 
representation, they are characterized as the occurrence of 
very narrow peaks. The homogeneity can also be due to the 
incorrect illumination of the scene. The contrast stretching 
method are designed exclusively for frequently encountered 
situation. Different stretching techniques have been developed 
to stretch the narrow range to the whole of the available 
dynamic range. 

2) Noise Filtering : Noise Filtering is used to filter unnec- 
essary within an image. It is also used to remove various types 
of noises from an image. 

3) Histogram Modification : Histogram has lot of impor- 
tance in image enhancement. It reflects the characteristics of 
image by modifying the histogram, image characteristics can 
be modified. One such example is Histogram Equalization. 
Histogram equalization is a nonlinear stretch that redistributes 
pixel values so that there is approximately the same number of 
pixels with each value with in a range. The result approximates 
a flat histogram. 


C. Feature Extraction 


The feature extraction techniques are developed in order 
to extract features in synthetic aperture radar images. This 
technique extracts high-level features which are needed in 
order to perform classification of targets. Features are those 
items which are uniquely describe a target, such as size, shape, 
composition, location etc. Feature extraction has been given as 
extracting from the raw data information that is most suitable 
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for classification purposes, while minimizing the class pattern 
variability and enhancing the between class pattern variability 
. Thus, selection of a suitable feature extraction technique 
according to the input are to be applied to the needs with 
utmost care. 


D. Image Classification 


Image classification is the labeling of a pixel or a group 
of pixels based on their grey value. Classification is one of 
the most often used methods for information extraction. In 
classification, usually multiple features are used for a set of 
pixels. Classification can be performed using either of the two 
methods: 

1) Supervised Classification: In Supervised classification, 
the identity and location of some of the land cover types such 
as urban, wetland, forest, etc. are known as priori through 
a combination of field works and toposheets. The analyst 
attempts to locate specific sites in the remotely sensed data that 
represents homogenous examples of these land cover types. 

2) Unsupervised Classification: In Unsupervised classifi- 
cation re based on the software analysis of an image without 
the user providing sample classes.This classification uses tech- 
niques which determine which pixels are related and groups 
them in order to classify them 


IHI. IMAGE SEGMENTATION 


The image segmentation is referred to as the most important 
processes of image processing. Image segmentation is the 
technique of dividing or partitioning an image into smaller 
parts, called segments. It is hardly useful for applications like 
image compression or object recognition. Image segmentation 
technique is used to partition an image into meaningful parts 
which are having similar features and properties. The main 
aim of segmentation is simplification i.e., represent an image 
into meaningful and easily analyzable. Image segmentation 
is necessary first step for image analysis. The goal of image 
segmentation is to divide an image into several different 
parts/segments having similar features or attributes. 


A. Classification of Image Segmentation Techniques 


There are some existing techniques which are being used 
in image segmentation, which all have their own importance. 
These all techniques can be approaches of segmentation i.e., 
region based or edge based approaches. These all techniques 
also can be classified into three categories. 

1) Structural Segmentation Techniques: The Structural 
techniques are those techniques of image segmentation that 
relies upon the information of the structure of required portion 
of the image. 

2) Stochastic Segmentation Techniques : The stochastic 
techniques are those techniques of the image segmentation 
that works on the discrete pixel values of the image instead 
of the structural information of region. 

3) Hybrid Techniques : The hybrid techniques are those 
techniques of the image segmentation that uses the concept 
of all of the above techniques. These uses discrete pixel and 
structural information together. 


IV. IMAGE SEGMENTATION TECHNIQUES 


There are several image segmentation techniques : 


A. Threshold Method 


Thresholding methods are the simplest methods of segmen- 
tation. These methods divide the image pixels with respect 
to their intensity level. These methods are used over images 
having lighter objects rather than background. The selection 
of these methods can be manual or it can be automatic. 
Thresholding can be implemented either globally as well as 
locally. Global thresholding distinguishes object along back- 
ground pixels by comparing with chosen threshold value and 
use binary partition to segment the image. Local thresholding 
is also called as adaptive thresholding. In this technique the 
threshold value varies over the image depending on the local 
characteristics of the subdivided regions in the image. 


B. Edge Based Segmentation Method 


The edge detection techniques are as well developed tech- 
niques of image processing on their own. The edge based seg- 
mentation methods are bases on the rapid change of intensity 
value in an image because a single intensity value does not 
provide good information about edges. First of all the edges 
are detected and then are connected together in order to form 
the object boundaries to segment the required regions. 


C. Region Based Segmentation Method 


The region based segmentation methods are the methods 
that segments the image into various regions having similar 
characteristics. There are two basic techniques based on this 
method. 

1) Region Growing Methods : The region growing based 
segmentation methods are the methods that segments the 
image into various regions based on the growing of initial 
pixel. These seeds can be selected manually as well as 
automatically. Then the growing of seeds is controlled by 
connectivity between the pixels and with the help of the prior 
knowledge of problem, it can be stopped. 

2) Region Splitting and Merging Methods: The region split- 
ting and merging based segmentation methods uses two basic 
techniques. Splitting and merging for segmenting an image 
into various regions/ Splitting stands for iteratively dividing 
an image into many regions having similar characteristics and 
merging contributes to combining the adjacent similar regions. 


D. Clustering Based Segmentation Method 


Data clustering is a method which divides the data elements 
into clusters such that elements in same cluster are similar to 
each other than others. There are basic two types of clustering. 

1) Hard clustering : Hard clustering is a simple clustering 
technique which divides the image into set of clusters so that 
one pixel can only belong to only one cluster. In other words 
it can be said that each pixel can belong to exactly in one 
cluster. 
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TABLE I 
COMPARISON OF VARIOUS SEGMENTATION TECHNIQUES 


the image to find particular thresh- 
old values 


simplest method 


Segmentation tech- | Description Advantages Disadvantages 
nique 
Thresholding Method | Based on the histogram peaks of | No need of previous information, | Highly dependent on 


peaks, spatial details are 
not considered 


Edge Based Method Based on discontinuity detection 


Good for images having better con- 
trast between objects 


Not suitable for wrong de- 
tected or too many edges 


Region Based Method | Based on partitioning image into 


homogeneous 


More immune to noise, useful 
when it is easy to define similarity 
criteri 


Expensive method in 
terms of time and 
memory 


Clustering Method Based on division in to homoge- 


neous clusters 


Fuzzy uses partial membership 
therefore more useful for real prob- 
lems 


Determining membership 
function is not easy 


Watershed Method Based on topological interpretation 


Results are more stable, detected 
boundaries are continuous 


Complex calculation of 
gradients 


PDE Based Method Based on the working of differen- 


tial equations 


Fastest method, best for time criti- 
cal applications 


More computational com- 
plexit 


ANN Based Method Based on the simulation of learning 


process for decision makin 


No need to write complex pro- 
grams 


More wastage of time in 
training 


2) Soft clustering : The soft clustering is more natural type 
of clustering because in real life exact division may not be 
possible due to the presence of noise. Thus soft clustering 
techniques are most useful for image segmentation in which 
division is not strict. 


E. Watershed Based Methods 


The watershed based methods uses the concept of topo- 
logical interpretation. Here the intensity represents the basins 
having hole in its minima from where the water will spill. 
When water reaches the border of basins the adjacent basins 
are merged together. To maintain separation between basins 
dams are required and are the borders of region of segmenta- 
tion. These dams are constructed using dilation. 


F. Partial Differential Equation Based Segmentation Method 


The partial differential equation based segmentation meth- 
ods are the fast methods of segmentation. These are appro- 
priate for time critical applications. There are basic two PDE 
methods: non-linear isotropic diffusion filter (used to enhance 
the edges) and convex nonquadratic variation restoration (used 
for remove noise) .The results of the PDE method is blurred 
edges and boundaries that can be shifted by using close 
operators. 


G. Artificial Neural Network Based Segmentation Method 


The artificial neural network based segmentation methods 
simulate the learning strategies of human brain for the pur- 
pose of decision making. It is used to separate the required 
image from background. A neural network is made of large 


number of connected nodes and each connection has their own 
particular weight. This method is independent of PDE. 


V. COMPARISON 


For a comparative study of the variour segmentation tech- 
niques, see Table 1. 


VI. CONCLUSION 


This paper covers existing techniques and applications 
of image processing .Image processing techniques generate 
quality images for further researches. This is obtained by 
increasing the pixel count of the image and granting quality 
output. There is a technique called image segmentation usually 
used to identify region of interest (ROI) and boundary of the 
image. Images are defined over two dimensions, digital image 
processing may be modelled in the form of multidimensional 
systems. 
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Abstract—Agile software development represents a major 
departure from traditional, plan-based approaches to software 
engineering. In todays software industry, technological prowess 
and ever-evolving customer requirements have led to more 
complex software demands. Agile based software development 
is increasingly being adopted by the software practitioners as 
it assures early software development and high quality software 
products and responsiveness to changes in user requirements. 
There is a growing interest in applying agile practices in Global 
Software Development (GSD) projects. Scrum, one of the most 
popular agile approaches, in distributed development projects 
has steadily been growing. This paper presents the review’s 
findings that are expected to help researchers and practitioners 
to understand the challenges involved in using Scrum for GSD 
projects and the strategies available to deal with them. The 
focus of the survey involved industrial organizations in eight 
European countries and 35 individual software development 
projects was to inquire into the level of use as well as the 
experienced usefulness or expected usefulness if there was no 
experience available of the two agile methods and their individual 
practices. The main objective of this paper is to conduct an 
empirical study into the choice among the most popular Agile 
methodologies, Scrum, Extreme Programming and Kanban and 
their comparative analysis. 

Index Terms—Agile methodology, Scrum, Sprint, agile trans- 
formation, productivity improvement, extreme programming, 
lean programming. 


I. INTRODUCTION 


ganized in order to deliver faster, better, and cheaper 

solutions has been discussed in software engineering 
circles for decades.The systematic review seeks to evalu- 
ate, synthesize, and present the empirical findings on agile 
software development to date, and provide an overview of 
topics researched, their findings, strength of the findings, and 
implications for research and practice. 

The trend in the recent software development industry is to 
move towards Global Software Development (GSD). Recently, 
we have observed that an increased number of GSD project 
managers are seriously considering introducing agile practices. 
Agile practices are based on the philosophy of close, frequent 


T= issue of how software development should be or- 
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and collocated collaborations; the geographical distance in 
GSD alone can present a challenge. 

We chose “Scrum” as it has a focus on day to day project 
management and is the most widely adopted agile project 
management method. Scrum teams are self-organized, are 
facilitated by rich communication and a collaborative envi- 
ronment and are usually considered effective for co-located 
projects with a small team size. 

Some survey studies have been conducted to provide a 
broader overview on the status of agile methods in software 
development organizations. For example, the results of the 
Forrester survey indicate that whereas as much as 14 percent of 
North American and European enterprises are currently using 
agile processes, 19 percent are either interested or planning to 
do so in the near future. The goal of this survey study was 

e to provide industrial insight into two of the most known 

agile methods, especially in the context of embedded 
software development in Europe, 

e to fathom the level of their adoption and 

e to understand how useful the adopted agile methods and 

their individual practices are experienced to be. 

This study also provides a comparison among the most pop- 
ular Agile methodologies, Scrum, Extreme Programming and 
Kanban. The survey results would certainly assist the software 
practitioners in choosing among these Agile methodologies. 

The article is organized as follows: In Section 2, we discuss 
about the background and motivation. In Section 3, we give an 
overview of Systematic review on empirical studies of Agile 
software development. Section 4 describes Scrum in Global 
Software Development. Section 5 reports the Agile methods in 
European embedded software development organizations and 
Section 6 provides the comparative analysis of agile software 
development methodologies and ending up with Section 7 
which provides the conclusions. 


II. BACKGROUND 


The software industry has shifted from traditional soft- 
ware development models to agile based development in 
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response to ever-increasing software complexity and dynamic 
user requirements. Unlike the traditional models, agile meth- 
ods are characterized by shorter development cycles, higher 
customer interaction, incremental delivery, frequent redesign 
with accommodation of changes necessitated by dynamic user 
requirements. In this section, we first introduce the Scrum 
method,place the Scrum in the context of GSD and more 
concretely justify the need for this review. 

A. Scrum 

Scrum is an iterative and incremental project management 
approach that provides a simple “inspect and adapt” frame- 
work. In Scrum, software is delivered in increments called 
“Sprints” (usually 2-4 weeks iterations). Each sprint starts 
with planning and ends with a review. A sprint planning by 
a Scrum team is a time-boxed meeting, which could last up 
to 4 hours. It is dedicated to developing detailed plans for 
the sprint. The Stakeholders of a project attend sprint review 
meetings to review the state of the business, the market and 
technology. These meetings could also last up to 4 hours. 

B. Scrum in Global Software Development 

Agile approaches are usually considered effective for the 
projects with high uncertainty. Paasivaara et al reported that 
distributed software development projects with volatile re- 
quirements and uncertain implementation technologies can use 
various agile practices for effectively organizing and managing 
projects. 

C. A European wide research initiative on agile methods 

That is, Agile-ITEA project 
(http: //www.agile-itea.org), was conducted 
between 2004 and 2006. Its focus was on the research 
and deployment of agile methods in embedded software 
development in Europe. The Agile-ITEA consortium 
consisted of 22 partner organizations, both industry and 
research oriented, from eight European countries who all had 
the aim of exploring the potential of agile methods in their 
various development settings. The questionnaire-based survey 
provides an understanding on the following aspects: (1) what 
is the level of adoption of XP and Scrum practices among 
individual software projects in different embedded software 
organizations interested in agile software development and 
(2) how useful are the adopted methods perceived to be. 

D. Agile software development methodologies and their 
comparisons 

In Agile approach to software development, work is car- 
ried out in small phases, based on collaboration, adaptive 
planning, early delivery, continuous improvement, regular cus- 
tomer feedback, frequent redesign resulting into development 
of software increments being delivered in successive iterations 
in response to the ever-changing customer requirements. The 
Agile software development embodies several methodolo- 
gies including Extreme Programming, Scrum, Kanban, Lean, 
FDD (Feature-Driven Development), Crystal, DSDM (Dy- 
namic Systems Development Method) and this article provides 
a comparative analysis among Scrum, Extreme Programming 
and Kanban methodologies. 


III. SYSTEMATIC REVIEW ON EMPIRICAL STUDIES OF 
AGILE SOFTWARE DEVELOPMENT 


We identified 1996 studies from searches of the literature, 
of which 36 were found to be research studies of acceptable 
rigour, credibility, and relevance. Thirty-three of the 36 studies 
identified were primary studies, while three were secondary 
studies. 

The studies fell into four thematic groups: introduction 
and adoption, human and social factors, perceptions of agile 
methods, and comparative studies. We identified a number of 
reported benefits and limitations of agile development within 
each of these themes. However, the strength of evidence is 
very low, which makes it difficult to offer specific advice to 
industry. Consequently, we advise readers from industry to use 
this article as a map of findings according to topic, which they 
can use to investigate relevant studies further and compare the 
settings in the studies to their own situation. 

The studies investigated XP almost exclusively, and only a 
few of the studies on XP were done on mature development 
teams. A clear finding of the review is that we need to increase 
both the number and the quality of studies on agile software 
development. In particular, agile project management methods, 
such as Scrum, which are popular in industry, warrant further 
attention. We see that there is a backlog of research issues to 
be addressed. In this context, there is a clear need to establish 
a common research agenda for agile software development and 
for future field studies to pay more attention to the fit between 
their research methods and the state of prior work. 


IV. SCRUM IN GLOBAL SOFTWARE DEVELOPMENT 


Scrum teams are self-organized, are facilitated by rich com- 
munication and a collaborative environment and are usually 
considered effective for co-located projects with a small team 
size. Thus, it is apparently difficult to apply Scrum practices 
in GSD projects because of the physical separation of the 
development team members. We can argue that Scrum, as 
an agile method, is becoming increasingly popular and may 
also be used for globally distributed teams. But the actual 
process of using Scrum’s collaborative practices instead of 
project stake holder’s distribution is not clearly understood. 
For this reason we have decided to explore, investigate and 
explain various challenging factors that restrict the use of 
Scrum practices due to the global project. 

We used the following screening criteria to ensure the papers 
address this particular topic. 

1) Does a paper address the use of any Scrum practices in 

distributed projects? 

2) Does a paper discuss any real life experience of using 

Scrum practices in distributed projects? 

3) Does the objective of the paper is clearly mentioned? 

4) Does the paper discuss GSD project contextual factors 

adequately? 


A. Data Extraction and Synthesis 


From the final selected studies, we extracted data using 
a pre-defined data extraction form.The detail description of 
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the data extraction form can be obtained in the technical 
report. During data extraction,we found it quite difficult to 
extract relevant and meaningful information that can answer 
the research questions. We synthesized the data by identifying 
themes emanating from the findings reported in each of the 
paper reviewed in this study. 


B. Findings about Research Questions 


This section discusses how the data extracted from the 
reviewed studied address our research questions. By inves- 
tigating the two research questions, we aim to provide a 
synthesized overview of the literature on using Scrum practices 
in different distributed projects. 

e RQI1-Challenges of Using Scrum Due to Project Distribu- 
tion: Our analysis of the extracted data has revealed that 
the temporal, geographical and socio-cultural distance of 
GSD projects impact on using various Scrum practices in 
distributed settings. We have found that communication 
related issues are the major challenges when using Scrum 
in distributed settings. 

e RQ2-Used Strategies to deal with these challenging fac- 
tors Our Systematic Literature Review (SLR) has found 
that Scrum teams use various practices or strategies to 
reduce these challenging factors to support the use of 
Scrum practices in globally distributed projects. 

This review has identified and categorized these practices 

as follows: 

1) Synchronous communication 
We can argue that Scrum can be used within a distributed 
project that has even no overlap time between distributed 
sites. To address the lack of synchronous communication 
following practices were widely used: 

a) Synchronized work hours 
b) Local Scrum teams 
c) Modified practices 
2) Team Collaboration 
GSD Project managers use a number of practices that 
facilitate better team collaboration while using Scrum 
practices. 
a) Team Gathering 
b) Visit 
c) Unofficial distributed meetings 
d) Training 
e) Key documentation 
f) Mandatory participation 
g) Gradual team distribution 
3) Communication bandwidth 
To provide a rich communication environment and also 
to avoid slow, unreliable, and poor transmission, Scrum 
teams use the practice multiple communication modes. 
4) Tool Support 
GSD projects that consider using Scrum need a wide 
range of tool support. Tools may include communication, 
collaborative, project management, issue tracking, bug 
tracking, globally accessible backlog, and burn down 
chart etc. 


5) Team management 
We also observed that GSD projects used following 
Scrum team models suitable to their development envi- 
ronments while considering Scrum: 
a) Isolated Scrum team 
b) Distributed Scrum of Scrums team 
c) Fully Integrated Scrum team 

6) Office Space 
Our SLR has revealed that to support a better communi- 
cation and collaborative work and meeting environment, 
scrum teams use following practices: 
a) Single room 
b) Dedicated meeting room 

7) Multi sites 
It has been reported that Scrum teams usually use the 
following strategies while using Scrum practices in GSD 
projects with multi sites development. 
a) Local Scrum team 
b) Restricted team distribution 


V. AGILE METHODS IN EUROPEAN EMBEDDED SOFTWARE 
DEVELOPMENT ORGANIZATIONS 


A European wide research initiative on agile methods, that 
is, Agile-ITEA project (http: //www.agile-itea.org), 
was conducted between 2004 and 2006. Its focus was on 
the research and deployment of agile methods in embedded 
software development in Europe. 

The research was conducted as a questionnaire-based survey 
research. The survey can be considered as a descriptive survey 
and thus provides a descriptive analysis only(i.e. frequencies 
and cross tabulation). 


A. Actual Use of Agile Methods 


In the questionnaire, the scale included the following five 
adoption levels: 

(1) systematically used throughout the project, 

(2) mostly used throughout the project, 

(3) sometimes used in the project, 

(4) rarely used during the project and 

(5) never used during the project. 

In addition,the respondents were provided with the follow- 
ing answer options: 

(6) not applicable and 

(7) I do not know. 

According to the data in this survey (see Table 1), the five 
most used XP practices among the respondents, reported either 
as systematically or mostly used during the project are: 

(1) open office space, 

(2) coding standards, 

(3) 40 h week, 

(4) continuous integration and 

(5) collective code ownership. 

However, on the basis of the responses it cannot be esti- 
mated whether the respondents have applied each practice as 
part of XP. 
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XP practice Range 
Responses Responses 
‘systematically’ or ‘rarely’ 


Parameter Traditional Agile 

Methods Methods 
Adaptability to Change Change 
Change Sustainability Adaptability 
Development Predictive Adaptive 
Approach 
Development Process-Oriented People- Oriented 
Orientation 


Project Size 


Planning Scale 


Large 


Long-term 


Small/Medium 


Short-term 


Management Command-and- Leadership-and- 
Style control collaboration 
Learning Continuous Learning is 
Learning while secondary to 
Development Development 
Documentation High Low 


‘mostly’, % or ‘never’, % 
1) open office space 66 22 
2) coding standards 60 21 
3) 40h week (sustainable| 59 26 
pace) 
4) continuous integration 44 31 
5) collective code 42 48 
ownership 
6) refactoring 30 18 
7) planning game 28 50 
8) on-site customer 24 42 
9) simple design 22 41 
10) test-driven 18 56 
development 
11) pair-programming 15 51 


Fig. 1. XP practices and of their usage 


B. Experienced and Expected Usefulness of Agile Methods 
and Practices 


In this section, the results of two kinds of cross-tabulation 
are presented and discussed. First, the questionnaire responses 
where at least some level of use of a practice of XP or 
Scrum (systematic, mostly, sometimes or rarely) is reported 
are mapped with the reported level of usefulness.The related 
research question is: “how useful have the adopted methods 
been regarded?” Secondly, the responses where there has been 
no usage of certain agile practice(i.e. none, not applicable 
or I do not know) are mapped with the estimated level 
of usefulness (in the future projects). The related research 
question of this mapping is: “what is the potential usefulness 
of the agile practices?” 

In addition, in both methods of study, there seems to bean 
improvement in attitude when comparing the expectations with 
the experiences. While examining the XP data, it can be seen 
that nearly 90 percent of the responses where the practices 
of XP had been applied (at least to some extent) could be 
considered positive whereas only5.8% could be characterized 
as negative ones. 


VI. EMPIRICAL STUDY OF AGILE SOFTWARE 
DEVELOPMENT METHODOLOGIES: A COMPARATIVE 
ANALYSIS 


The software industry has shifted from traditional software 
development models to agile based development in response 
to ever-increasing software complexity and dynamic user 
requirements.Although several studies have been conducted 
by individual teams, but little empirical data is available in 


Fig. 2. Comparison of Traditional and Agile Software Development Methods 


support of success and higher adoption of agile software 
development methodologies 


A. Transition to agile software development 


Heavyweight methodologies, also known as traditional soft- 
ware development approaches are characterized by compre- 
hensive planning, process-orientation, predictive approach and 
heavy documentation. Unlike traditional software methodolo- 
gies, lightweight methodologies promise frequent delivery of 
software increments in small iteration cycles and are team- 
oriented and adaptive approach. The lightweight methodolo- 
gies, popularly known as agile methodologies, have made huge 
inroads into the software industry in the past few years. 

1) Scrum: Scrum is one such methodology that manages 
the software development in various short iterations known as 
sprints. Each sprint includes all the phases of a software devel- 
opment life cycle model such as designing, implementation, 
testing, customer review, etc. 

The characteristics unique to the Scrum based development 
are: 


e Collaboration 

e Daily Meetings 

e Product Backlog 

e Sprint Backlog 

e Roles 

e Product Owner 

e Development Team 

e Scrum Master 

2) Extreme Programming (XP): James Newkirk defines 
Extreme Programming (XP) as a lightweight methodology 
that facilitates planned and iterative software development by 
small teams of developers to achieve higher software quality 
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and enhanced productivity, in response to rapidly evolving 
requirements. 

The distinguishing features of Extreme Programming (XP) 
that make it stand apart from other Agile approaches are: 


e Requirements as Story Cards 
e Simplicity 

e Continuous Interaction 

e Test Driven Development 

e Refactoring 

e Pair Programming 


B. Kanban 


As pioneered by David J. Anderson et al, Kanban provides a 
means to visualize and limit the work-in progress during soft- 
ware development process. Kanban method lays emphasis on 
scheduling of work so as to facilitate the delivery of software 
product just-in-time for implementation. The characteristics 
that distinguish the Kanban methodology from other Agile 
based methodologies are: 


e Kanban Board 

e Maximizes Productivity 

e Continuous Delivery 

e Waste Minimization 

e Limits Work in Progress (WIP) 


C. Comparison Among Agile Software Development Method- 
ologies 


Although several methodologies follow the same set of 
principles as formulated by Agile manifesto, but they differ 
on various parameters of Agile principles. Empirical study 
of Scrum, XP and Kanban methodologies of Agile software 
development has resulted in the comparison as presented in 
below Table. 


VII. CONCLUSION 


We identified 1996 studies from searches of the literature,of 
which 36 were found to be research studies of acceptable 
rigour, credibility, and relevance. Thirty-three of the 36 studies 
identified were primary studies, while three were secondary 
studies and they investigated XP almost exclusively. A clear 
finding of the review is that we need to increase both the 
number and the quality of studies on agile software develop- 
ment. In particular, agile project management methods, such as 
Scrum, which are popular in industry, warrant further attention. 

It is still an open debate whether or not the Scrum practices 
can successfully be used in distributed settings. However, it 
appears to be an indication that there is an increasing interest 
in using Scrum practices in GSD projects. Globally distributed 
Scrum teams usually face a number of challenges as project 
distribution impact on communication, coordination and col- 
laboration processes. The communication related challenges 
are identified as vital. Scrum practices need to be extended 
or modified in order to support globally distributed software 
development teams. Our findings reveal that to support the 
use of Scrum practices in various distributed projects, Scrum 


Parameters 


Design Principle [19] 


Scram based Development 


Complex Design 


Extreme Programming (XP) 


Simplification of Code & 
accommodation of unexpected 
Changes through Refactoring 


Kanban Methodology 


Limits the amount of Work-in- 
Progress & ensures Waste 
Reduction 


Nature of Customer 


Not compulsorily on-site 


On-site Customer Interaction 


Not compulsorily on-site 


Interaction [18] 


Design Complexity Complex design Simple design Simple visual design 
Project Coordinator ‘Scrum Master ‘XP Coach Team Work 
ns] 
Roles Assigned 3 Pre-defined roles: Product No prescribed roles No prescribed roles 
Owner, Scrum Master & 
Development Team 

Process Ownership Scrum Master Team ownership Team ownership 
Product Ownership Product Owner is responsible for Group responsibility of product Group responsibility of product 


[18] product 


Team Collaboration Cross functional teams Self organizing teams Team comprises of specialized 


Tesources 


No iterations. Task fow 
development 


Work flow Approach Iterations (sprints) Short iterations 


Requirements ‘Requirements Managed in form ged in form of Story Cards Managed using Kanban Boards 
Management of artifacts through Sprint 
Backlog &Product Backlog 
Product Delivery Delivery as per Time boxed Continuous Delivery Continuous delivery 
sprints 
Coding Standards No coding standards Coding standards are used No coding standards 
Testing Approach No formal approach used for Test driven development. Testing done after implementation 
testing including acceptance testing of each work product 
Accommodation of Changes not allowed in sprints Amenable to change even m later Changes allowed at any time 
a 5 stages of development 
Fig. 3. Comparison among Scrum, XP and Kanban Methodologies 


teams need to add a number of strategies suitable to their 
development environments. 

One of the goal of this study is to provide insights, ex- 
periences and knowledge on XP and Scrum methods of ag- 
ile software development from European embedded software 
organizations known to be interested and active in adopting 
and exploring agile methods. The principal results concerning 
XP are as follows: 54 percent of the responses referred to 
systematically, mostly or sometimes applying the practices 
of XP. The most used XP practices among the respondents 
were: (1) open office space (66 percent of the responses), (2) 
coding standards (61 percent), (3) 40 h week (59 percent), 
(4) continuous integration (44 percent) and (5) collective 
ownership (42 percent).In addition, 77 percent of responses 
where practices of Scrum had been applied (at least to some 
extent) could be considered positive (extremely useful, very 
useful or useful), whereas nearly 11 percent of the responses 
referred to negative experiences of Scrum (not useful). 

Our survey results demonstrate a clear trend towards the 
higher adoption of Scrum based development in comparison to 
other Agile variants such as Extreme Programming and Kan- 
ban. The comparative analysis of three Agile methodologies, 
namely Scrum, XP and Kanban conclude that although the Ag- 
ile family consists of several software development approaches 
which share the same set of Agile principles, but they do 
differ on various parameters. Among all Agile methods, Scrum 
has the highest adoption whereas Extreme Programming is 
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certainly picking up pace with software practitioners starting to 
exploit it to their advantage, and Kanban approach to software 
development is increasingly being explored for addition to 
existing Agile software development process. 


[1] 
[2] 
[3] 
[4] 
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Abstract—The term big data is defined as the huge volume 
of data. It encompasses valuable information either to take 
decisions, track specific behaviors or detect threat attacks. The 
processing of such data is made possible by using different 
techniques, called Big Data Analytics. In a industry, data gen- 
erated by machines and devices, product life cycle management 
(PLM) solutions, “Big Data” term, has extended the scope of 
technological capability to store, manage, process, interpret, and 
visualize the amount of data.The applications of big data analytics 
in the field of logistics and transportation industry and to detect 
and recognize containers code based on a Hadoop big data 
analytics system.In this paper we discuss the various applications 
of bigdata, consequences and the privacy challenges faced by big 
data. 

Index Terms—Big data, supply chain management, SCOR 
model, trajectories meta model, security and privacy challenges, 
architecture for anomaly detection and prediction. 


I. INTRODUCTION 


that grow at ever-increasing rates.It encompasses the 

volume of information ,the velocity or speed at which 
it is created. Big data analytics is the often complex process of 
examining the large and varied data set ,or big data to uncover 
information such as hidden pattern ,unknown corelations etc. It 
is the massive volume of mixed structured ,unstructured and 
semi structured data. It also represent a big challenge for 
respecting privacy and security concerns. 

Supply chain management is a field where Big Data and 
analytics have obvious applications.Now a days the supply 
chain operations and processes have to be constructed for 
global application for a new product varients. They are not 
only influenced by the market itself but also the risk like 
the bottle neck should be occur along the supply chain or 
with in the product line.Disturbances are treated reactively 
in most cases.The early identification of upcoming risks is 
typically missing.According to this, the required reaction time 
for all actions is not available.All these issues are in the 
focus of companies with different emphasises due to individual 
business strategies and their services. Bigdata as well as cloud 
based method in which the rise of cloud computing strategy 


B IG data refers to the large,diverse sets of information 
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makes dynamic provision of elastic capacity on applications. 
In the cloud data centers contains thousands of servers should 
be hosted. 

The another term involved in big data analytics is NFC 
enabled logistics The RFID system works similarly on the 
other side of the logistics cycle. It is used in the real time appli- 
cations like monitoring. The RFID system by radio frequency 
technology that involves storing and retrieval of information 
remotely through the tag that emit radio signals. This can run 
by with the help of a particular RFID software.Through by 
the logistics techniques they have able to analyse, access and 
manage large volume of data. As the transportation network 
become larger it should be make more complex big data 
solutions help to enable logistics and transportation companies 
to meet these requirements. 


II. BIG DATA AND BIG DATA ANALYTICS 


It is a huge volume of data. it consist of different contents: 

1) Strucured data 
Structured data is easy to model,store,query ,process 
and visualize. It is generally presented as pre-defined 
fields, with specific types and sizes, managed in relational 
databases or spreadsheets. 

2) Semi-structured data 
Semi-structured or self describing data is a type of 
structured data. It doesnot follow rigid model. It contains 
a kind of metamodel such as tags and markers that are 
used to identify certain elements and define a hierarchical 
representation of different fields within the data. Well- 
known examples of semi-structured data are XML (Ex- 
tensible Markup Language) and JSON (JavaScript Object 
Notation). 

3) Unstrucured data 
Unstructured data is a predefined format. It is typically 
composed of free form text such as books, articles, 
documents, emails, and media files such as image files, 
audios, and videos. 

A good bigdata is measured by following criteria: 

1) Volume 
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It is the huge amount of data.To determine the value 
of data,size of data plays a very crucial role. It is the 
data collected and stored in many distributed data stores. 
The more this volume is bigger, the more it is significant 
for processing but with respecting the four coming rules: 
Variety, Veracity, Value, and Velocity. 

2) Variety 
It refers the nature of data that is structured,semi- 
structured and un structured data.It is also reffered as 
heterogenous data. As the data could be structured or 
not, it also could be internal or external. The internal data 
is gathered from the internal resources in the organiza- 
tion.External data is extracted from external resources. 

3) Velocity 
It refers to the high speed of accumulation of data.It is 
to find the rate of which the data flows. 

4) Veracity 
It refers to inconsistency and uncertainty in data that is 
data which is available can sometime gets messy and 
quality and accuracy are difficult to control. 

5) Value 
It is most important is to be able to use it to extract value 
and in a reasonable time. 


II. SUPPLY CHAIN MANAGEMENT 


Supply chain can be considered as the combination of four 
independent interlinked entity such as marketing, procurement, 
warehouse management and transportation. Supply chain man- 
agement is responsible for creating and maintaining the links 
of different entities in a business which are responsible for 
procurement of raw material to ultimate end user of the 
product. 


A. Supply Chain complexity 


Complexity in supply chain is material and information 
flows between supply chain partners. 

A supply chain consists of many parts or elements of various 
types. They have various elements and their interrelationships 
are significant for the complexity occurring in a system. There 
are some of the key characteristics of complexity occurring in 
a supply chain system such as: 


1) Number of components 
Products, processes, supply chain partners, relationships, 
interactions, goals, location. 

2) Diversity of system 
Related with the homogeneity or heterogeneity of a 
system. 

3) Interdependency 
Interdependence between items, products and supply 
chain partners. Complexity increases in direct proportion 
to the increase of interdependence. 

4) Variety 
This represents dynamical behavior of a particular sys- 
tem. 

5) Uncertainty 


Uncertainty represents all difficulties to be able to make 
a picture of a system due to the lack of information. The 
more uncertainty that makes more complexity occurs in 
this system. 


B. SCOR Model 


The SCOR is a tool to diagnose the business flow between 
a firms first and second tier customers and suppliers. SCOR 
model is based on five basic management processes: 


1) Plan 
Processes include gathering customer requirements, col- 
lecting information on available resources, and balancing 
requirements and resources to determine planned capa- 
bilities and resource gaps. 
2) Source 
Processes describe the ordering and receipt of goods and 
services. 
3) Make 
Processes describe the activities associated with the con- 
version of materials or creation of the content for services. 
4) Deliver 
Processes describe the activities associated with the cre- 
ation, maintenance, and fulfillment of customer orders. 
5) Return 
Process describe the activities associated with the reverse 
flow of goods back from the customer. 


IV. APPLICATIONS OF THE BIGDATA ANALYTICS IN 
SUPPLY CHAIN 


The steps are the following: 


1) Planification 
The Big Data reduce the risk of infrastructure investments 
and contracted external capacities. 

2) Supplying 
Big data is enabling supplier networks that focus on 
knowledge collaboration. 

3) Production 
The combination of analytics techniques enables to op- 
timize manufacturing processes, shop floor management 
and manufacturing logistics which allows producing new 
products in a more way and reducing logistics cost. 

4) Distribution 
Big data analytics can be used to optimize routing and 
improve supply chain traceability. 

5) Return 
The use of big data analytics enables to know customers 
perceptions of offered products and services and discover 
their unobservable characteristics in order to understand 
market demands and anticipate future consumer product 
variety desires. 


V. LOGISTICS OF TRAJECTORIES 


A trajectory means evolution over time of the physical 
movement of a moving object. 
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The form of trajectory is like (tagid, (locationl, time1), 
(location2, time2), . . . , (locationn, timen)), which represent 
the business logic. 


1) Raw trajectory 
(tagid, (x1,y1,t1), (x2,y2,t2), . . . , (x100,y100,t100)) 
The RFID system allows that each reader provides mes- 
sages of the form (tagid, location, readtime, observation) 
at fixed times intervals. The recording of positions of a 
product in a specific field of space and time constitute 
the products raw trajectory. 

2) Structured trajectory 
(tagid, (Stop(x1,y1), beginTimel, endtimel, observa- 
tion1), . . . , (Stop(x20,y20), beginTime20, endtime20, 
observation20)) 
Structured trajectory is defined as a structured gross 
trajectory segments corresponding to significant steps in 
the trace of the path, product’s raw trajectory is in the 
form (tagid, location, begintime, endtime, observation) by 
grouping these tuples with one tag and one reader. 

3) Semantic trajectory 
(tagid, (Semantic_Stopl, beginTimel, endtimel, obser- 
vationl), . . . , (Semantic_ Stop20), beginTime20, end- 
time20, observation20)) 
Semantic trajectory uses the four components (stop, 
move, begin and end). These are not space-time posi- 
tions, but rather the semantic objects related to general 
geographical knowledge and the application geographic 
data. 

4) Trajectory based on region of interest 
Products trajectory based on Region of interest: (tagid, 
(Regionl, beginTimel, endtimel, observationl), . . . , 
(Region4), beginTime4, endtime4, observation4)) 
The movement patterns in space and time contexts based 
on the concept of region of interest by defining the 
concept of spatial neighborhood and temporal tolerance. 


VI. APACHE HADOOP FOR BIG DATA ANALYTICS 


Apache Hadoop is an open source software framework for 
storage and large scale processing of data-sets on clusters of 
commodity hardware. To deal with the increased demand on 
storage and computation requirements, old systems are based 
either on scale up solutions or scale out solutions. In the other 
side, big data analytics solutions such Apache Hadoop are 
based on a framework that abstract most of the engineering 
effort caused by parallel architectures. 


1) Presentation of hadoop Apache 
Hadoop is an open source framework written in Java. It is 
designed to deal with very large data sets using computer 
clusters of commodity hardware. It has two main parts, 
a distributed storage part: the Hadoop Distributed File 
System (HDFS) and a processing part: the MapReduce 
programming model. 

2) Architecture of Hadoop Framework 
Hadoop is composed of two main parts, a storage part 
managed by HDFS and a processing part managed by 


MapReduce programming model or higher programming 
languages. 

3) Hadoop Distributed File System(HDFS) 
The Hadoop Distributed File System (HDFS) is the 
primary data storage system used by Hadoop applications. 
The Hadoop framework uses a distributed redundant 
storage system called HDFS that stores files in blocks 
replicated in multiple machines. A main server manage 
data splitting and replication in the other chunk servers 
used for both data storage and processing. 

4) MapReduce Programming Model 
Hadoop uses mainly MapReduce as a programming 
model to process the large datasets. It contains two 
important tasks, namely Map and Reduce. Map” means 
it divide problems to smaller ones and ”Reduce” combine 
the results. The Map and Reduce functions are to be writ- 
ten by the user. MapReduce take care of all the details of 
distributed computation. The main server (master node) is 
not overloaded by computation, it is responsible only of 
communication with user application and managing the 
other workers nodes. The tasks are sent to which improve 
the system performance and mainly the bandwidth. 

Other Hadoop Elements are 

1) Hive 
Data warehouse language that allows requesting and 
managing vast distributed data. Hive provides capabilities 
to access the storage using SQL-like language called 
HiveQL. 

2) Pig 
Data flows oriented language using Pig Latin program- 
ming language.It is used to increase the performance 
of hadoop and MapReduce by offering a programming 
language allowing faster processing. 

3) Hbase 
A sparse database for storing large quantities of data. 


VII. ARCHITECTURE FOR ANOMALY DETECTION AND 
REACTION IN CLOUD 


The architecture of the framework is shown in Figure 1. 
The dashed line is the limit the interface of the architecture It 
is composed of Anomaly Prediction, Anomaly Detection, 
Workload Prediction, Deployment Planner, Provisioning and 
Resource Allocation, and Contextual Information. Besides 
these core elements of the architecture, the following are 
sources of information and external systems that support such 
architecture: 


1) Contextual information 
Data used by our system architecture to make decisions 
are supplied from different sources, such as: logs from 
the infrastructure operations ,information about release 
of new ,business metrics related to expected performance 
parameters of system; and data from social networks. 

2) Baseline workloads 
The baseline workloads are built with patterns observed 
from historical data, and enable the determinations of 
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fluctuations in the system input along the time. Such 
workloads provide insights on how the demand changes 
according to the period of the day, day of the week, 
season, months, etc. 

3) Current Workload 
This is the observed workload in the system in a given 
moment and it is extracted via monitoring tools. This 
information is constantly logged as historical data for 
future use. The framework uses this log to emulate real 
time loads to our proposed framework in order to enable 
the detection of ongoing anomalies. 

4) IT Infrastructure: The target IT infrastructure for our 
proposed framework consists of a hybrid cloud, com- 
posed of both public cloud providers and inhouse infras- 
tructure owned by the cloud service provider as well as 
legacy systems that are not cloud-ready. 


A. Anomaly Prediction 
The anomaly prediction is done by: 
1) Selection of appropriate sources of data for prediction 
2) Filtering of data 
3) Extraction of data 
4) Actual prediction of expected workload 
5) Actual prediction of failures in the system 
6) Determination of prediction confidence level 


B. Anomaly Detection 


This module is based on the workload observed in a given 
time and baseline workload.This is done by with the help of 
anomaly detection algorithm that analyse the described data 
to make a decision about the severity of anomaly and the 
transiency. 


C. Workload Prediction 


This module carries out the translation of observed or 
unexpected variance in estimation to the business impact of 
possible disruption.to make this it quantifies the expected 


workload in terms of request per second along a future time 
window and combine this information with business impacts. 


D. Deployment Planning 


This framework is responsible for advising actionable steps 
related to deployment of resources in a cloud infrastructure 
to react to failures and anomalies in the system.Automation 
engine and provisioning and Resource allocation module of 
the system execute these steps. 


E. Provisioning and Resource Allocation 


This component has the following functions: 1. Translation 
of resource requirements from a vendor-agnostic description 
to specific offers from existing cloud providers. 2. Selection 
of most suitable sources of resources. 3. Perform automatic 
negotiation for better offers from providers with compromising 
SLA. 


VIII. CLUSTERING 


Clustering is the unsupervised learning technique that has 
similar group of objects in the cluster or similar among 
themselves than object in different clusters.In the context of 
cloud computing it is to enable the optimization of execution 
of tasks.It helps to reducing the amount of data movement 
required by the application which also helps reducing the 
execution time of their applications. 


IX. SECURITY AND PRIVACY CHALLENGES 


The security challenges are the major issue that we are 
faced. There are set of security and privacy challenges such 
as 

1) Random Distribution 

The main issue with this topology is it is very difficult to 
know the exact location of storage and processing which 
can result in many security problems. 

2) Privacy 

Current system is not applicable. If a hacker or a mali- 
cious node gain access to the clusters it would be easy 
to steal, bad exploit or alter the contained records. 

3) Computations 

It is also important to protect the systems from any 
attempt to spy on the nature or the number of performed 
computations. 

4) Integrity 

To ensure the validity and the trust level of that data in 
order to avoid relying on a suspect of records. 


X. TECHNIQUES TO PROTECT PRIVACY IN BIG DATA 


There are different techniques to handle big data are 

1) Authentication 
Big data solutions architecture should employ such a 
technique to control both, joining clusters and accessing 
critical storages. 

2) Anonymization 
This main idea consists of using data perturbation and 
data swapping techniques to protect the association of 
individuals to critical information. 
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3) Tracing activity 
To keep the log of every activity performed over the big 
data as well as the responsible of these actions. 


XI. CONCLUSION 


Big Data basis for many organizations in different sectors 
that automatically process and extract valuable insights in 
order to help decision makes. The fact to collect and compute 
all possible and varied data could lead to many security and 
privacy violations.The supply chain management that should 
be required at the time of complexity. In this paper, we discuss 
the research work about solutions for increasing the supply 
chain visibility and the different opportunities and challenges 
in the supply chain management of a particular system. In 
our analysis, we have identified the main processes modeling 
the global supply chains based on SCOR model.The another 
application such as NFC enabled logistics in which they have 
real time application process through the radio signals. From 
this paper we discussed about the Meta model for products 
trajectories to present trajectories from different facts like 
raw, structured, semantic and composite region of interests 
and data warehousing conceptual schema using composite 
documents.the application of logistics and transportation has a 
very important crucial rule in the applications of big data. They 
have different applications that should be provided in the terms 
of logistics.These make better transportation and logistical 


facilities should be available.The cloud based structure is the 
another applications of big data these may produce structured 
and unstructured data generated by machine. The cloud data 
centers usually contains thousands of physical and virtual 
machines subject to SLA.To enable these service to comply 
with SLAs with minimum resource usage and techniques such 
as anomaly detection and prediction. 
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Abstract—Software development methodologies are constantly 
evolving due to changing technologies and new demands from 
users. The objective of this article is to methodical approach 
towards improving Turnaround time and improve business value 
to customer through Agile Transformation. . Agile transformation 
focuses on organization level strategies attempting to change the 
traditional mindset of software development and maintenance 
activities and adapt to the Agile way of working.This paper is to 
present knowledge management aspects of an Agile transforma- 
tion as an organizational change resultant from introduction of 
a new Agile project management methodology in the context of 
the organizational learning theory. A case study from a software 
organization is considered with an emphasis on improving the 
productivity through Agile transformation. The paper responds 
to a research questions about potential knowledge management 
aspects, issues and challenges within Agile transformation process 
in terms of its pre-conditions and facilitators. The research results 
revealed fundamental pre-conditions and demands in terms 
of: continuous training and workshops, coaching, mentoring, 
involvement of Agile coaches and champions, establishment of 
community of practice, rational support from executive team 
and learning organizational culture. However, the major Agile 
transition challenge to enterprises is to initiate a continuous 
learning process as a part of the learning organizational culture. 


Index Terms—Agile methodology, scrum, sprint, agile transfor- 
mation, productivity improvement, extreme programming, lean. 


I. INTRODUCTION 


HIS study aims to analyze the speed that the ag- 
ile methodologies give the software development pro- 


cess,showing how the companies use these methods as 
a way to reduce time and effort in software development. 
Today’s dynamic business environment has given rise to emer- 
gent organizations that continuously adapt their structures, 
strategies, and policies to suit the new environment. Such 
organizations need information systems that constantly evolve 
to meet their changing requirements but the traditional, plan- 
driven software development methodologies lack the flexibility 
to dynamically adjust the development process. 


II. APPLICABILITY OF AGILE METHODOLOGY-USING 
SCRUM 


The agile methodology part of the premise on which the 
results should be reached quickly without compromising the 
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quality of the final product(software), accordingly the SCRUM 
is a methodology that aims to improve the planning of software 
projects whose premise is break the product into smaller pieces 
and so deliver the functionality without client wait too long to 
view them. 

This study limits itself to show the benefits agile brings 
to the software development. As an example if you have the 
modus operandi of the CTIS, software company that operates 
in the domestic market and adopting the common software 
development methodology, but that’s depending on the client, 
opting for the agile methodology.The Superintendency of the 
Manaus free trade zone SUFRAMA, which, through bidding, 
hired the service of CTIS and opted for the move to agile 
methodology. SUFRAMA is a federal authority responsible 
for managing tax incentives. 

Software Engineering is a branch of engineering, whose 
focus is to develop within appropriate cost high quality 
software systems. Software Engineering is a layered technol- 
ogy, involving tools, methods process and focus on quality. 
(SOMERVILLE, 2007). Any engineering approach (including 
software) must be grounded in an organizational commitment 
to quality. 

SCRUM is an iterative process.At the beginning of each 
iteration, the team reviews what should be done and deter- 
mines what viable functionality to be delivered at the end of 
the iteration. The team is free to use your best effort in the 
remainder of the iteration and features at the end the final 
product built. 

Figure 1 shows the flow of Scrum. 

On a Scrum project, all the responsibilities are divided 
between three roles: 

e Product Owner: Person responsible for managing the 
product Backlog (ensuring that is visible to all),generate 
and disseminate the project requirements, as well as the 
plan for successive deliveries,prioritizing the results that 
will bring greater added value to the project. 

e Scrum Master: Responsible for implementing the Scrum 
method, as well as teach you to everyone involved in the 
projects and ensure that all follow the rules and practices. 

e Scrum team: Development group collectively responsi- 
ble for the success of each iteration and the project as 
a whole, must be composed of multi-disciplinary people 


Malavika Mohan et al, “Agile Methodology in Software Development” 


100 


Proceedings of Vidya MCA Departmental Seminar (VMCADS - 2019), 22-23 November 2019 
Department of Computer Applications, Vidya Academy of Science & Technology, Thrissur — 680501 


Oaly Serum 


Tackle tasks 


Spent Backlog : 


y Product tackeg 
| AS pnocezed by Product Ouner 


Potentaty Shppsdie 
Product increment 


Fig. 1. Flow of the Scrum 


ii RAR, RAS 
Project Product Sonat 
Vision focesg toctog 
ssa eneneane J 
Fig. 2. Elements of Scrum 


capable of self-organization and self-management. 


The process advocated by Scrum covers the following 
elements as shown in Figure 2. 


1) The vision: Must be prepared by Product Owner, includ- 
ing releases and plan the product delivery milestones ev- 
ery Sprint, in order to maximize the return on investment 
of the product development project. 

2) The Backlog of product: Also prepared by Product 
Owner, contains a list of the functional and nonfunc- 
tional requirements, prioritized and divided into releases 
(Sprints). 

3) The Sprint planning meeting: The project is divided in 
Sprints lasting thirty calendar days each, to be performed 
one after the other, without interruption. The planning is 
done in a meeting with the participation of the Scrum 
Team and by Product Owner. 

4) Sprint: The own product development iteration, which 
has a fixed duration. A Sprint includes their planning 
meetings, review and retrospective. 

5) The Daily Scrum: Daily meeting of fifteen minutes, 
where each team member answers the following ques- 
tions: 


a) What I did on the project since the last Daily Scrum? 


b) What I’m planning to do until the next Daily Scrum? 
c) Is there any restriction or impediment to that I honor 
my commitment of the current Sprint and/or the 
project? 
There are ways to adapt the Scrum for application in various 
types of programs and complex projects, such as: 


1) Combining with traditional methods of project man- 
agement: Can connect concepts and artifacts, such as 
WBS (work breakdown structure) and product Backlog, 
earned value analysis, the Burndows Charts and the Com- 
munication Plan, control of meetings Sprints (planning, 
daily, review, retrospectives) etc. 

2) Managing complex programs: Adoption of a Scrum 
to Scrum, where the Backlog of product can be broken 
down into sub-backlogs, each being consumed by your 
respective Team Scrum. 

3) Expertise in functional areas serving various projects 
(for example, teams of testing or quality assurance): 
In the product Baclog, can come in various designs and 
tasks in the Backlog at a Spint, those tasks that fit within 
thirty days. 

4) Combined with the technology in the form of ”cas- 
cade”: You can split the schedule in fixed duration 
model, in order to synchronize, for example, a sequence 
of Sprint with a milestone (milestone) foreseen in the 
project, as well as had the activities of verification and 
validation of the form evolution in each Sprint. 

5) Combining with the Six Sigma approach: You can 
wrap each of the phases of the DMAIC methodol- 
ogy(Define, Measure, Analyze, Improve, Control) in a 
Sprint, running one after another. 


II. TRADITIONAL VERSUS AGILE SOFTWARE 
DEVELOPMENT 


We provide a brief comparison of agile development 
methodologies with traditional systems development method- 
ologies, and discuss the challenges of adopting agile method- 
ologies. Software development is a complex activity charac- 
terized by tasks and requirements that exhibit a high degree 
of variability. Uncertainties are further compounded by the 
diversity and unpredictability of people who engage in such 
tasks. The changing nature and sophistication of tools (for 
example, a development environment including programming 
languages, techniques, and so on) may also exacerbate devel- 
opment problems. A rationalized, engineering-based approach 
has dominated software development almost since its inception 

Here, we identify the key management, organizational, 
people, process, and technological issues in adopting agile 
methodologies. 


IV. AGILE TRANSFORMATION IN PROJECT 
ORGANIZATION: KNOWLEDGE MANAGEMENT ASPECTS 
AND CHALLENGES 


The objective of the paper is to present knowledge manage- 
ment aspects of an Agile transformation as an organizational 
change resultant from introduction of a new Agile project 
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management methodology in the context of the organizational 
learning theory.The paper respond to a research questions 
about potential knowledge management aspects,issues and 
challenges within agile transformation process in terms of its 
preconditions and facilitators. 

Many IT and ICT project enterprises were applied or moved 
to Agile project management methodologies to cope with the 
key challenges through introduction of diverse organizational 
changes. The transition is better known as an Agile trans- 
formation process requiring complex and long-lasting number 
of organizational changes at all levels of whole enterprise. 
Effective knowledge management is a critical precondition of a 
successful transition process in large sized project companies. 

As shown by result of the research,the change in 
the project management methodology significantly im- 
pacted the project organization as a whole.It was a 
source of comprehensive organizational changes in pro- 
cesses,technology,methodology,strategy,structure and organi- 
zational culture and it allowed for enhancing the competitive 
advantage of the organization.The key pre-condition and facili- 
tator of an agile transformation process is the knowledge man- 
agement aspect.Project organizations and senior executives 
have to address many knowledge management pre-requisites 
and challenges with a view to ensuring a successful transition 
process deployment. 


A. Knowledge Management Aspects of an Agile Transforma- 
tion 


An Agile transformation process denotes transition from 
traditional project methodologies to Agile project methodolo- 
gies and requires changes of all organizational levels. Project 
team members, all management executives, and customers 
have to be open to learn a lot, engage, cooperate and make a 
significant effort to resolve many issues and overcome barriers 
and challenges within a long time frame of an Agile transition 
process deployment. 

The cost of Agile transformation in terms of money, re- 
sources, disrupted working routines and quality of develop- 
ment may become significantly high, so there is a necessity to 
firmly address knowledge management aspects to mitigate the 
risk of an unsuccessful transition. There are a few essential 
knowledge management aspects of the transformation: organi- 
zational learning culture, continuous learning process, knowl- 
edge repositories, training sessions and workshops, community 
of practice and management support in terms of coaching and 
mentoring. 

Although the transformation process encounters a lot of 
issues, barriers and challenges, there are some facilitators 
possible to apply in order to avoid an unsuccessful transition. 


B. Methodology 


The triangulation method was used to enrich and authen- 
ticate the final empirical research results.different enterprise 
case studies were collected through exploration of the existing 
Internet repositories. 
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The Agile transformation process was primarily conducted 
in large-sized enterprises of the IT software and telecommu- 
nication industries (31 percentage) focusing on IT and ICT 
project management application (Figure1). 


C. Results 


The main empirical research result showed how the in- 
troduction of a new Agile project management methodology 
impacted the entire organization and resulted in number of 
organizational changes coupled with the synergy of all these 
changes. 

Project organizations and their senior executives need to 
address numerous knowledge management pre-requisites and 
challenges related to these organizational changes in order to 
ensure a successful deployment of the transition process. 

The effective knowledge management together with a com- 
plexity of agile project methodology deployment in large-sized 
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enterprise were identified as two major issues and challenges 
within the overall agile transformation process. 

The essential long-term goals of an Agile transformation 
process revealed in the presented research study are: reduction 
of the time-to-market, a higher overall project efficiency and 
productivity, a growing predictability of customer deliveries 
and increasing transparency of project planning (Figure 5). 
Creating knowledge repository and developing learning orga- 
nizational culture were identified as important intermediate 
knowledge management goals of an Agile transformation 
process. 


V. PRODUCTIVITY IMPROVEMENT THROUGH AGILE 
TRANSFORMATION 


The objective of this article is to methodical approach 
towards improving Turn around time And improve business 
value to customer through Agile Transformation. Agile trans- 
formation focusses on organization level strategies attempting 
to change the traditional mindset of software development 
and maintenance activities and adapt to the Agile way of 
working. Additionally, Agile Transformation strategies tries to 
deliver potentially shippable products on time with enhanced 
business value with acceptable quality amp; quantity. Adoption 
of Agile has been gaining more and more prominence in IT 
organizations since they have started realizing the benefits. A 
case study from a software organization is considered with 
an emphasis on improving the productivity through Agile 
transformation. 


A. Basics of Agile Transformation 


Agile Transformation is the art of refactoring the organiza- 
tion so that it can unlearn the traditional way of working and 
culturally adopt to the Agile way of building software. Funda- 
mentally, it is all about working as a team, building backlogs 
and regularly producing potentially shippable products with 
business value to clients. It measures throughput rather than 
productivity. The strategies for Agile Transformation gets 
initiated from the point of knowing where we stand currently 
to where we want to head. . During February 2001, The 
Manifesto for Agile Software Development was created by 
various delegates. This consists of 4 Agile Values and 12 Agile 
principles. 

1) The Agile Values: 

e Face to Face communication, transparency, collaboration 

over detailed documented processes, templates, tools. 

e Working software over detailed documentation and re- 
ports. 

e Interactions with customer rather than effort spent on 
negotiating contracts 

e Responding to requests rather than following a detailed 
plan 

2) The Agile Principles: 

e The topmost priority is to gain customer satisfaction 
and delight through early and frequent deliveries of 
potentially shippable product resulting in business value 
to customers 


e Exhibit flexibility in welcoming change even at a later 

stage of project execution 

Constantly delivery potentially shippable products with a 

focus on having shorter iterations 

e All project stakeholders should work together with en- 
hanced interactions and collaborations 

e Build teams using motivated members. Have trust in the 
team’s ability to move forward 

e Set up a system of interacting and collaborating through 
face to face communication 

e Working software is the preliminary key performance 
indicator understand the progress of the project 

e All project stakeholders must adapt to the Agile way 
of working and ensure a steady pace of working and 
delivering business value thus meeting expectations 

e In order to bring him more agility, constant focus on 
upskilling on technical/ non- technical areas and good 
design is a must 

e The more that we maximize the bucket of work not 
done, the nearer we get to closing in on the few highly 
valuable features which deliver highest business value to 
customers. In fact, this practice is truly an art and it must 
be mastered by all stakeholders 

e The best in class technicalities amp; ideas emerge from 
team which are self-organized 

e At pre-defined frequencies, teams introspect on the areas 
that can enable them to become more effective. It helps 
them to adjust, optimize and fine tune themselves to 
delivery more business value 


B. Various Agile Methods 


In this case study, the Agile Transformation mainly focuses 

on Extreme programming, Scrum and Lean. 

1) Extreme Programming: Extreme Programming or XP 
is one of the software development methodologies which 
focuses on improving software quality against frequently 
changing business needs. Extreme Programming was 
conceptualized by Kent Beck while he was working on 
Chrysler Comprehensive Compensation System. Some 
of the fey elements of extreme programming includes 
practices such as pair programming, simplicity and clarity 
of code, building features only when they are needed 
etc. This concept has taken the name extreme since the 
beneficial practices are taken to an extreme level during 
implementation or execution. Some of the key steps in 
Extreme Programming involves the following: 


a) Have a very simplified design just enough to code the 
feature. It can be redesigned when required. 

b) Even before coding activities, Unit Test cases needs 
to be derived and it needs to keep running constantly. 
They are automated and helps in eliminating defects 
early. 

c) Another concept of Pair Programming helps in Pro- 
gramming and reviewing in turns. 

d) Integrating and Testing happens multiple times in a day 
during the process of Continuous Integration. 
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e) Integrate a basic feature to a production system. This 
can be optimized or enhanced as and when required 
rather than opting for a big bang approach. 


2) Scrum: The concept in Scrum is the split large chunks of 
work into smaller groups and, reviewing and integrating 
along the journey of project execution. Scrum practices 
have caught attention of other support functions such as 
Sales, Business teams, HR amp; IT. They have similar 
challenges and they expect Scrum to help them easy the 
way of working and overcome the challenges. Scrum 
is one of the types of Agile implementation. Agile is 
a set of principles and rules that elaborates how teams 
collaborate and get work done in a time bound manner. 
It has been proven that Scrum provides lots of benefits 
to stakeholders such as increased productivity, increased 
employee satisfaction, faster time to market and improved 
team dynamics. 

3) Lean: If an organization must become lean, it must 
understand customer value and processes to constantly be 
optimized. The ultimate objective is to have a high quality 
optimized processed which has near zero waste. A Lean 
Process Improvement approach can help an organization 
in the following ways: 

e Eliminate waste 

e Improve productivity 

e Reduce cost 

e Improve customer satisfaction 
e Improve margins 

e Decrease backlog 


C. Objectives of Agile Transformation 


The objectives of driving Agile Transformation is to pro- 
vide a strong cultural shift across the organization towards 
embarking Agile way of working. This should ideally result 
in improved project performance with quantitative benefits. 
The key steps towards executing the transformation journey 
include: 

e Improved Quality by introduction of technical practices 

such as CI 

e Cultural shift through trainings and experience 

e Working as a team by a mindset shift 

e Faster Time to Market by improving the process cycle 

efficiency 


e Building leadership team 

e Deriving organization level vision for transformation 

e Identifying transformation journey road map with clear 
milestones 

e Come up with deployment plan 

e Define progress assessment criteria 

e Measure outcomes 

e Share experience 


VI. CONCLUSION 


The principles of agile methodologies parallel the ideas 
delineated in Checkland’s Soft Systems Methodology and 


Ackoff’s Interactive Planning *3+. These reflect the essen- 
tial characteristics of complex adaptive system and have the 
potential to endow organizations and systems with emer- 
gent properties.While the opportunities and benefits that ag- 
ile methodologies afford make them attractive,organizations 
should be circumspect in embracing them or in integrating 
them with existing practices. Agile methodologies are ideal 
for projects that exhibit high variability in tasks (because of 
changing requirements), in the capabilities of people, and in 
the technology being used. As Highsmith notes, they are also 
appropriate for projects where the value of the product to 
be delivered is very important to customers. Organizational 
forms and cultures conducive to innovation may embrace 
agile methods more easily than those built around bureaucracy 
and formalization. Organizations must carefully assess their 
readiness before treading the path of agility. The issues raised 
in this article are invaluable in making this judgment. 
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Abstract—Internet of Things (IoT) are everywhere in our daily 
life. They are used in our homes, in hospitals, deployed outside 
to control and report the changes in environment, prevent fires, 
and many more beneficial functionality. Internet of Things (IoT) 
is one of the most buzzing and discussed topic in research field 
today. Some of the researchers are also looking future of the 
world in this technology. In this paper, we identify and discuss 
the properties that constitute the uniqueness of the IoT in terms 
of the upcoming security and privacy challenges and explore the 
most relevant limitations of IoT devices and their solutions. We 
survey the four most dominant IoT architectures and various 
IoT attacks happening, classify them, its countermeasures and 
finding the most prominent attacks in IoT. A state of the 
art survey about the various attacks have been presented and 
compared including their efficiency and damage level in IoT. 
Anaalyze their security and privacy components with respect to 
the requirements. Our analysis shows a mediocre coverage of 
security and privacy requirements. Finally, through our survey 
we identify a number of research gaps that constitute the steps 
ahead for future research. 

Index Terms—Internet of Things (IoT), architecture, attacks, 
security, encryption, cryptography. 


I. INTRODUCTION 


idea in 1999 by Kevin Ashton , which has now evolved 

into a reality that interconnects real world sensors, 
electronic devices, and systems to the Internet. The internet of 
things has been drawing wide attention in recent years. In the 
year of 2005,International Telecommunication Union (ITU) 
has released an annual report on Internet of Things . In the 
report, ITU has pointed that RFID and intelligent computing 
technology had opened an era that interconnecting global 
things altogether at macro level.The Internet is the heart and 
center supporting for IoT, hence almost all the security threats 
that lie within the internet propagate to IoT as well. Compared 
with other traditional networks, the sensitive nodes of the 
IoT are assigned in positions without manual supervision, 
with the weak capability and limited resources, making the 
security issues of the IoT quite troublesome. Furthermore, the 
fast development and wider adoption of IoT devices in our 
lives signify the urgency of addressing these security threats 
before deployment. Due to intrinsic limitation of processing 
capability and speed, the traditional security counter measures 


Te term Internet of Things was first introduced as an 
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are not applied as it is for IoT based security threats. The 
paper is an attempt to survey various types of security attacks 
and its associated depth and impact on the entities. 

Internet of things (IoT) is a group of interconnected devices 
and people in which devices can communicate with each other 
without human intervention . Internet of things can be applied 
in various areas such as transportation, farming, healthcare, 
etc.The advantages of IoT are almost unlimited and its appli- 
cations are changing the way we work and live by saving time 
and resources. It is also opening new opportunities for growth, 
innovation, and the exchange of knowledge between entities. 


II. IOT PROPERTIES AND SECURITY REQUIREMENTS 


In contrast to traditional IT systems such as enterprise 
applications, cloud computing, and big data, a combination 
of a number of properties makes the IoT unique in terms 
of the challenges that need to be coped with. The identified 
distinguishing properties are four, namely: the uncontrolled 
environment, the heterogeneity, the need for scalability, as well 
as the constrained resources utilized in the IoT: 


A. Uncontrolled Environment 


Many things will be part of a highly uncontrolled environ- 
ment; things travel to un- trustworthy surroundings, possibly 
without supervision. Sub- properties of the uncontrolled envi- 
ronment are: mobility, physical accessibility, and the lack of 
trust. 


e Mobility: Stable network connectivity and constant pres- 
ence cannot expected in such an environment. 

e Physical accessibility: In the IoT,sensors can be publicly 
accessible, e.g., traffic control cameras, and environmen- 
tal sensors. 

e Trust: A priori trusted relationships are unlikely for 
the large amount of devices interacting with each other 
and users. Thus, automated mechanisms to measure and 
manage trust of things, services, and users are crucial for 
the IoT. 


B. Heterogeneity 


IoT is expected to be a highly heterogeneous ecosystem as 
it will have to integrate a multitude of things from various 
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manufacturers. Therefore, version compatibility, and interop- 
erability have to be considered. 


C. Scalability 


The vast amount of interconnected things in the IoT de- 
mands highly scalable protocols. This also has an influence 
on security mechanisms. For instance, centralized approaches, 
e.g., hierarchical Public Key Infrastructures (PKIs), as well 
as some distributed approaches, e.g., pairwise symmetric key 
exchange schemes, cannot scale with the IoT. 


D. Constrained resources 


Things in the IoT will have constraints that need to be 
considered for security mechanisms. This includes energy 
limitations, e.g., battery powered devices, as well as low com- 
putation power, e.g., micro sensors. Thus, heavy computational 
cryptographic algorithms cannot be applied to all things. 


III. LIMITATIONS OF DEVICES 


The two main limitations 
computing power. 


are the battery capacity and 


1) Battery Life Extension: Three possible approaches can 
be used to mitigate this issue. The first is to use the 
minimum security requirements on the device, which is 
not recommended especially when dealing with sensitive 
data. The second approach is to increase the battery 
capacity. However, most IoT devices are designed to be 
lightweight and in small size. There is no extra room for 
a larger battery. The final approach is to harvest energy 
from natural resources. 

2) Lightweight Computation: conventional cryptography 
cannot work on IoT systems, since the devices have 
limited memory space which can’t handle the comput- 
ing and storage requirements of advanced cryptography 
algorithms. This way has little overhead because it takes 
advantages of radio signals. 


IV. CONNECTIVITY TECHNOLOGIES 


The aim of IoT is providing advanced mode of commu- 
nication between the various systems and devices as well 
as facilitating the interaction of humans with the virtual 
environment. 


1) Wireless Sensor Networks (WSN): WSN are composi- 
tions of independent nodes whose wireless communica- 
tion takes place over limited frequency and bandwidth. 
The communicating nodes of a typical wireless sensor 
network consist of the following parts: 


e Sensor 

e Microcontroller 

e Radio Transceiver 

e Memory 

e Battery 
Due to the limited communication range of each sensor 
node of a WSN, multi-hop relay of information take place 
between the source and the base station. The required data 
is collected by the wireless sensors through collaboration 


amongst the various nodes, which is then sent to the sink 
node for directed routing towards the base station. Some 
of the other security and privacy issues in a WSN are 


e Data Confidentiality 

e Data Integrity 

e Data Authentication 

e Data Freshness 

e Self-Organization 

e Availability 

e Time Synchronization 

e Secure Localization 

e Flexibility 

e Robustness and Survivability 

2) Radio Frequency Identification (RFID): RFID tech- 

nology is mainly used in information tags interacting 
with each other automatically. RFID tags use radio fre- 
quency waves for interacting and exchanging information 
between one another with no requirement for alignment 
in the same line of sight or physical contact. It uses the 
wireless technology of Automatic Identification and Data 
Capture (AIDC) A RFID is made up of the following two 
components. 


e RFID tags (Transponders): In a RFID tag, an antenna 
is embedded in a microchip. The RFID tag also 
consists of memory units, which houses a unique 
identifier known as Electronic Product Code (EPC). 
The function of the EPC in each tag is to provide a 
universal numerical data by which a particular tag is 
recognized universally. 

e RFID readers (Transceivers): The RFID reader func- 
tions as the identification detector of each tag by its 
interaction with the EPC of the tag under its scan. 


3) Security issues in RFID technology: The four most 
common types of attacks and security issues of RFID 
tags 

e Unauthorized tag disabling (Attack on authenticity) 
e Unauthorized tag cloning (Attack on integrity) 

e Unauthorized tag tracking (Attack on confidentiality) 
e Replay attacks (Attack on availability) 


V. IOT ARCHITECTURE 


The primary concept of the IoT is the pervasive presence 
of a variety of things, e.g., RFID tags, sensors, actuators, 
mobile phones, that are able to exchange and process infor- 
mation through Internet This triggers a need of controlling 
and monitoring of the data. An IoT architecture fulfills this 
responsibility by creating a bridge between the things, and the 
virtual entities (the Internet and associated services)so that the 
data flow is consistent. According to many researchers, IoT 
technology works on three layers perception layer, network 
layer and application layers as shown in Figure 1. Perception 
Layer involves various types of data sensors like RFID, 
Barcodes or any other sensor network. The aim of this layer 
is to obtain information from the environmentby using sensors 
and then send it to the network layer. The aim of network layer 
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is to transmit the data collected from the perception layer to 
any specific information processing system through internet, 
mobile network or any other kind of reliable network. The aim 
of the IoT of developing smart environment is accomplished 
at the application layer. 


Application Layer 
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Fig. 1. 


Three layers of IoT 


The following sections provide an overview of the existing 
research projects: Internet of Things Architecture (IoT-A), 
Building the environment for the Things as a Service (Be- 
TaaS), Open source cloud solution for the Internet of Things 
(OpenIoT) and Internet of Things at Work. 

1) IoT-A: IoT is an architecture reference model developed 
with an EU FP7 project until 2013, with ongoing commu- 
nity development. This architecture uses the concepts of 
views and perspectives to guide the generation of archi- 
tecture instances, from business goals via requirements. 
Such views and per- spectives include the information 
view for static structures as well as dynamic information 
flows, the performance and scalability perspective, and 
the trust and security perspective . The requirements are 
derived from a multitude of coarse- grained requirements 
(so called unified requirements) based upon business 
goals, and then converted into fine- grained requirements 
for an architecture instance. The unified requirements 
are currently 38, addressing the security and privacy 
perspectives. In addition, IoT-A contains several models 
that are independent of particular architectures. These 
models include for instance the communication model 
and the trust, security and privacy model. 

2) BeTaaS: BeTaaS proposes an architecture for the IoT 
and Machine- to-machine (M2M) communication, to 
enable running appli- cations over a local cloud of 
gateways. Each BeTaaS in- stance builds its own cloud 
of gateways that integrates various heterogeneous M2M 
systems in a seamless way. BeTaaS is founded on the 
Things as a Service (TaaS) reference model. Modify- 
ing and augmenting the reference models of JoT-A.it 
provides architectural models for domains, information, 
communication, security, and functions.The architecture 


comprises of four layers. First, the Phys- ical Layer 
contains the M2M systems connected to the plat- form. 
Second, the Adaptation Layer handles the connection to 
the physical layer, abstracting from peculiarities of the 
individual M2M systems. The third layer, namely the 
TaaS Layer, relies on the abstraction layer and provides 
network- wide access to the devices in the M2M layer. 
Finally, the Service layer manages the functionalities and 
services of BeTaaS applications. 

3) OpenloT: The OpenloT architecture specification de- 
scribes two security modules: the security and privacy 
module as well as the trustworthiness (trust) module. 
Within the the security module, one submodule addresses 
secure messaging, another one authentication and autho- 
rization. Opposed to the specification, privacy features 
are not present in the public code. The trustworthiness 
module evaluates the trustworthiness of input sensor data 
(data trust). 

4) IoT@Work: IoT@Work is a European Commission FP 
7 project completed in 2013, with the goal of estab- 
lishing an IoT architecture for the industrial automation 
domain . The dominant requirements were interoperable 
and reliable network communication, auto-configuration, 
as well as security. For that, loT@Work introduces for 
instance the concept of network slices, a combination 
of virtualization, resource management, and security. A 
network slice is an abstract layer in between the physical 
view, e.g., network technology and devices, and the 
application view.loT @ Work is handling network security 
via commonly used technologies. Extensible Authentica- 
tion Protocol (EAP) as an IEEE 802.1X implementation 
ensures authentication in the low network layer, e.g., 
for switch ports. EAP-TLS also ensures confidential- 
ity. The concept of network slices allows for network 
virtualization, and thus fast network link fail-over to 
protect availability. While device integrity is addressed 
by IoT@Work, the authors are not aware of network 
integrity mechanisms.Authentication is mainly provided 
by network security in loT@ Work. 


VI. CLASSIFICATIONS ON IOT ATTACK 


The security of IoT is a big challenge because of complexity, 
heterogeneity and a large number of interconnected resources. 
The adversary can perform the attack on IoT system by 
damaging or tampering some node i.e. physical vulnerability, 
or from within its network by using faults in routing protocol 
and other network related protocol, or by using malicious 
program and by breaking encryption strategy i.e. encryption 
attack. Based on these vulnerabilities we classify the attack 
in four categories, as physical attack, network attack, software 
attack and encryption attack as shown in Figure 2. From each 
category, we considered one attack that is most dangerous from 
all the attack of that category. 


1) Physical Attacks: Physical attacks are concentrated on 
hardware devices in the system. 
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Fig. 2. Various-security-attacks-in-the-IoT-system 


e Node Tampering:In this attack attacker physically 
alters the compromised node and can obtain sensitive 
information such as encryption key . 

e RF Interference on RFIDs:The attacker performs 
Denial of service attack by sending noise signals over 
radio frequency signals. These signals are used for 
RFIDs communication . 

e Malicious Node Injection: In this attack, attacker 
physically injects a new malicious node between two 
or more nodes. It then modifies the data the passes the 
wrong information to the other nodes.The attacker 
uses the multiple nodes to perform malicious node 
injection attack. The adversary first inserts a replica 
of the node 

e Physical Damage: The attacker physically harms 
components of IoT system and it results in Denial 
of service attack. 


2) Network Attacks: These attacks are focused on the 


network of IoT system. 


e Traffic Analysis Attacks: The attacker intercepts and 
examines messages to obtain network information . 

e RFID authentication is not provided in the RFID sys- 
tems, then theadversary can observe, alter or remove 
information on nodes . 

e Man in the Middle Attacks: The attacker over the 
internet intercepts the communication between the 
two nodes. They obtain the sensitive information by 
eavesdropping . 

e Denial of Service: An attacker floods the network 
with large traffic so that services are unavailable to 
its intended users . 


3) Software Attacks: The attacker performs the attack by 


using virus, worm, spyware, adware etc. to steal data, 
deny the services, etc. 


e Phishing Attacks: The attacker obtains the private in- 
formation like username, passwords by email spoof- 
ing and by using fake websites. 


e Virus, Worms, Trojan horse, Spyware and Aware: 
An adversary can damage the system by using ma- 
licious code. These codes are spreads through email 
attachments, downloading files from the Internet. The 
worm has the ability to replicate itself without any 
human action.We can use worm detector, anti-virus, 
firewalls, intrusion detection system to detect the 
virus. 

e Malicious Scripts: By injecting malicious script the 
attacker can gain access to the system. 


4) Encryption Attacks: These attacks depend on destroy- 


ing encryption technique and obtain the private key. 


e Side-channel Attacks: The attacker uses the side 
channel information that is emitted by encrypting 
devices. It is neither the plaintext nor the cipher 
text, it contains information about power, thetime 
required to perform theoperation, faults frequency, 
etc. Attacker uses this information to detect the 
encryption key. 

e Timing computations are providing to a statistical 
model. It provides the guessed key bit to a certain 
extent of assurance 

e Cryptanalysis Attacks: In thisattack, the adversary 
obtains the encryption key by using either plaintext 
or ciphertext. Based on methodology used, there are 
different types of cryptanalysis attacks . 

a) Ciphertext Only Attack: In this the attacker can 
access the ciphertext and determine the corre- 
sponding plaintext 

b) Known Plaintext Attack: In this method, the 
attacker knows the plaintext for some parts of the 
ciphertext. The aim is to decrypt the remaining 
part of the ciphertext utilizing this information. 

c) Chosen Plaintext Attack: The attacker gets to 
choose what plaintext is encrypted and find the 
encryption key. 

d) Chosen Ciphertext Attack: By using the plaintext 
of chosen ciphertext the attacker can find the 
encryption key. 

e Man in the Middle Attacks: When two users are 
interchanging the key the attacker intercepts the 
communication and obtains the key . 


VII. IOT SECURITY AT DIFFERENT LAYERS 


1) Iot Perception Layer Security: The perception layer 


contains various types of collecting and controlling mod- 
ules, such as the temperature sensors, sound sensors, 
vibration sensors, pressure sensors, etc. The perception 
layer can be further divided into two parts: perception 
node (sensors or controllers, etc.), perception network that 
communicates with transportation network. Perception 
node is used for data acquisition and data control, percep- 
tion network sends collected data to the gateway or sends 
control instruction to the controller. Perception layer 
technologies include wireless sensor net- works (WSNs), 
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implantable medical devices (IMDs), Radio-Frequency 
IDentification (RFID), Global Positioning System. 

2) IoT Transport Layer Security: Network security re- 

quirements can be split into confidentiality, authenticity, 
integrity, and availability. These apply to IoT architec- 
tures, e.g., by means of things connecting to things or 
services. However, properties of the IoT, e.g., constrained 
resources, must be considered. The IoT requires archi- 
tectures to deal with the hetero- geneity of things. Inter- 
connecting things may require confi- dentiality, e.g., to 
prevent eavesdropping sensitive information via Internet 
transmission. Technologies such as and Transport Layer 
Security (TLS). 
Kothmayr et al. presented the first fully implemented two- 
way authentication scheme for the IoT system, based on 
existing Internet standards, especially the DTLS protocol. 
The proposed security scheme is performed during a fully 
authenticated DTLS handshake and based on an exchange 
of X.509 certificates containing RSA keys. It can work 
over standard communication stacks that offer UDP/IPv6 
networking for 6LoWPANS. 

3) IoT Application Layer Security: JoT has a wide 
variety of applications, including but not limited to 
smart home (e.g., learning thermostat, smart bulb), med- 
ical and healthcare (e.g., real-time health monitoring 
system), smart city (e.g., smart lighting, smart park- 
ing), energy management (e.g., smart grids, smart me- 
tering), environmental monitoring (e.g., climate moni- 
toring, wildlife tracking), industrial internet, connected 
vehicle.Most modern IoT devices contain configurable 
embedded computer systems. Some are even running 
complex software and resembling general-purpose com- 
puters, hence they face the same security risks as that 
of general-purpose computers. When connected to the 
Internet, they could get infected by computer virus like 
trojan 


VIII. CONVENTIONAL ENCRYPTION TECHNOLOGIES 


There are various cryptographic algorithm available based 
on key distribution In cryptography the encryption algorithms 
are not kept secret.The details of the algorithm are available 
in the public Domain. A knowledge of the algorithm alone is 
not sufficient to encrypt or decrypt a message. Some additional 
input as secret key for the algorithm also needed.The secret 
key can be numerical or a string of bits or a string of ASCII 
characters.The original message to be transmitted is known as 
the plain text. The transformed message is known as cipher 
text. 

e Symmetric Encryption: In a symmetric Encryption 
schemes, the same key is used for both encryption and 
decryption. 

e Asymmetric Encryption: In this Scheme different keys 
are used for both encryption and decryption 

e Block/Stream Cipher: 

— A Block Cipher processes the input one block of 
elements at time producing an output block for each 


Cipmercat 


Pihiziog 


Piitioot 


Fig. 3. Symmetric Encryption Technique 


input block 

— In Stream Cipher there will be a procedure to contin- 
uously produce the elements of a sequence called a 
key stream. Each element of the key stream to gives 
an element of the cipher text. 


e The algorithms DES/AES: Data Encryption Algorithm 
also known Data Encryption Algorithm (DEA) which was 
adopted by US govt. as a standard in 1976. Now the US 
Govt has replaced DES by AES as the Standard. AES is 
a symmetric key block cipher. 


IX. CONCLUSION 


Researchers have proposed different solutions on these 
attacks to tackle it. However implementation of all these 
security measures and techniques together consumes com- 
putation as well as battery power of devices which is not 
acceptable for IoT technology and its devices. There is a 
need of a security mechanism which handles maximum se- 
curity, problems but it should be light weight and robust 
for fit for IoT technology. Many of the attacks on IoT have 
been discussed and classified above. Some of these attacks 
can be avoided by just keeping some security precaution 
while the development of any application like checking node 
identity while communication or using devices which are 
difficult to tamper. However some attacks which are known, 
which are difficult to detect or prevent, there has been a 
need to find a secure and efficient. Advantages of Proposed 
System include more efficient encryption and decryption in 
both hardware and software implementations, much faster key 
generation allowing the use of disposable” keys (because keys 
are computationally cheap” to create).low memory use allows 
it to use in applications such as IOT Device. The proposed 
system will be capable enough to provide parallelizability, 
efficiency in security with authentication and confidentiality. 
Here the combination of symmetric AES GCM and NTRU 
asymmetric algorithm is used, so the benefit of security and 
faster performance id achieved. AES-GCM is Authenticated 
Encryption algorithm,by using this we can reduce the time to 
create digital signature separately. 
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Abstract—In recent years, there has been a significant rise in 
the use of technological means in general and in academic. The 
purpose of this study is to explore the effects of WhatsApp use for 
education and analysis of WhatsApp on status privacy. WhatsApp 
is a free messenger application that works across multiple 
platform and is being widely used among undergraduate students 
to send multimedia messages like photos, videos, audios along 
with simple text messages. The WhatsApp status feature provides 
the possibility of posting desired content without restrictions in 
terms of type with the capability of being managed by users. This 
study investigates the privacy issues associated with information 
shared through status and a study based on effect of WhatsApp 
use in English learning, oral language proficiency, teaching, and 
discussion media. The analysis showed that students developed 
positives opinions towards the use of WhatsApp in their courses. 
They demanded the same practice in their other courses as well. 


Index Terms—Whatsapp, education, learning, privacy, status. 


I. INTRODUCTION 


Ith their increasing time, scope, and frequency of 

W use, internet technologies have started to shape the 
way people form and share content and their way 

of communication. Social networks, which are very popular 
among young people, are becoming prevalent due to their 
nature to meet the needs of individuals towards socialization. 
Their nature that focuses on individuals started to shape users 
process of interaction and has become one of the important 
elements of the daily life. The high number of people joining 
social networks, which are defined as programs that ease the 
interaction between individuals and groups, provide various 
opportunities for social feedback and support the formation 
of tangled social relations (Boyd, 2003), show how immense 
the peoples need is for these networks. Within the framework 
of these needs, development of mobile versions of these 
programs that carry the social structure from real life to virtual 
environment and eliminate the time and space limitations, has 
become inevitable. This process, which started by commonly 
used web based social networks (Facebook, Twitter, etc.) in 
particular, began to be approached in different dimensions 
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after the introduction of the messaging applications rooted in 
mobile phones and are specifically designed for mobile phones 
(WhatsApp, BBM, Line, etc.). 

WhatsApp is an IM application that allows users to commu- 
nicate easily without time and location constraints. According 
to a blog post published in July 2017 by WhatsApp, they have 
exceeded | billion users globally, and those users share more 
than 50 billion messages, 4 billion photos, and 1 billion videos 
daily. Moreover, WhatsApp supports 64 languages from all 
around the world.1 Via this application, users can send texts, 
images, videos, statuses, short voice messages, and free calls 
to other users. 

WhatsApp messenger has the following collaborative fea- 
tures: 


e Multimedia: It allows the user to exchange videos, text 
messages, images and voice notes. 

e Group Chat: It supports the interaction of up to 50 group 
members. 

e Unlimited Messaging: The number of messages you 
can share on WhatsApp is unlimited. The application 
uses 3G/EDGE internet data plan or Wi-Fi to ensure 
continuous data transmission across platforms. 

e Cross Platform Engagements: Interactants with dif- 
ferent devices (personal digital assistants, Smart phones, 
Galaxy tablets) can message one another through various 
media (text messages, pictures, videos, voice notes). 

e Offline Messaging: Messages are saved automatically 
when the device is off or outside coverage area. 

e No Charges involved: There is no charges involved for 
using WhatsApp as it uses same internet data plan which 
is used for email or web browsing. 

e Pins and Users Name: WhatsApp user need not to 
remember passwords or username as it works via phone 
numbers and integrates with users address books. 


Of all the technological means noted above, the WhatsApp 
app has become one of the most popular in the market, 
as evident from its usage by over 350 million users (Tzuk, 
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2013). WhatsApp is a smart phone app intended for sending 
instant messages. Message can be sent both personally and 
in-group form such that it is possible to communicate with 
several people simultaneously. People utilize this app due to 
its low cost, the immediate possibility of holding a fluent 
conversation, the sense of belonging to a group that creates 
a feeling of community and family, and the confidentiality 
maintained, unlike social networks. 


II. IMPACT OF WHATSAPP IN EDUCATION 


The purpose of this study in this area is to explore the effects 
of WhatsApp use for education and determine the opinions 
of students towards the process. The study was designed in 
mixed research model which combines both qualitative and 
quantitative data. In the quantitative aspect of the study, quasi- 
experimental design, with a pretest-posttest control group, was 
used and the data were analyzed by two factor variance analy- 
sis for mixed measurements. The analysis indicated that both 
learning environments have different effects on the success 
of students and that supporting the traditional environment 
by using WhatsApp is more effective for the increase of 
success. For the qualitative aspect of the study, content analysis 
techniques were employed to analyze the data which were 
collected by open-ended question forms. The analysis showed 
that students developed positive opinions towards the use of 
WhatsApp in their courses. They demanded the same practice 
in their other courses as well. They reported that learning 
could also take place unconsciously and the messages with 
images were more effective for their learning. However, a few 
students have expressed adverse opinions about the timing of 
some posts and the redundant posts within the group. Finally, 
it is suggested that use of WhatsApp in education process be 
encouraged as a supportive technology. 


A. Utilization of whatsApp application as discussion media in 
blended learning 


Blended Learning is learning that combines direct instruc- 
tion (face to face) or offline and learning sessions using What- 
sApp or an online session. Offline learning session is done 
in classroom and online sessions when students and faculty 
using WhatsApp application outside the classroom. WhatsApp 
application utilization as a discussion media in Blended Learn- 
ing sessions initiated by offline using conventional methods, 
so the online session focused on the discussion as indicated 
by dialogue and interaction among participants. Such steps 
include preparing the materials to form a slide, ensure each 
participant own WhatsApp application and have the contact 
number of each participant, and create a group in WhatsApp 
application by entering all the contact numbers of participants. 
WhatsApp application usage is intended to support face to 
face sessions by taking advantage of participation in the 
discussions in small groups. Students discuss the study in the 
online sessions so that students in the group, did comment, 
justification, and advice so that they learn better quality. 


B. Efficiency of WhatsApp for self and peer assessments of 
oral language proficiency 


WhatsApp have been extensively used for language re- 
search; however, they have rarely been applied for language 
assessment purposes. To explore the efficiency of WhatsApp 
for assessment purposes, 30 Iranian English learners doing 
self- and peer-assessments on WhatsApp are studied. The 
changes and the reasons for the changes in their attitudes 
towards the two assessment types are also investigated. In a 
multi-phase study, the participants were trained on the new 
concepts of mobile assisted self- and peer-assessments. They 
were also involved in the concurrent tasks of self- and peer 
assessments and filled out four attitude questionnaires before 
and after their involvement in the two assessment types. 

The study addresses the following questions. 


1) Is there any significant difference between Iranian EFL 
learners mobile-assisted self and peer-assessments of oral 
language proficiency? 

2) What are the procedural differences between Iranian EFL 
learners mobile-assisted self- and peer-assessments of 
oral language proficiency? 

3) In what ways do Iranian EFL learners attitudes towards 
mobile-assisted self- and peer assessments of oral lan- 
guage proficiency change after their involvement in the 
two assessment types? 

4) What are the reasons for the changes in the Iranian 
EFL learners attitudes towards mobile-assisted self- and 
peer assessments of oral language proficiency after their 
involvement in the two assessment types? 


The present study was conducted through social networking 
using whatsapp application.A group is created , a training 
session was given to the participants of that group .Self and 
peer assessment questionnaires, voice recordings,and inter- 
views were done. 

The t-test results show that though the participants assigned 
different grades to themselves and their peers, this is not 
a procedural difference. The questionnaire results show that 
the participants generally adopted negative attitudes towards 
mobile-assisted assessments after being involved in them. 
They also gave various reasons for the change(s) in their 
attitudes. 

This study sought to explore the efficiency of WhatsApp for 
oral language assessment. We found that the use of WhatsApp 
does not generally affect the procedure and nature of self- and 
peer assessments. 


C. Using WhatsApp Enhance Students’ Learning of English 
Language 
A study was conducted on students regarding English learn- 
ing using Whatsapp. 
1) Methodology 
e Data Collection: The researcher used the analytical 
descriptive method to conduct this study. 
e Population: The population of this study was thirty 
six students female-students studying at College of 
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Science and Arts Majarda English Department in the 
Ist level who were studying listening and Speaking 
1 course in the Ist semester 2013-2014. 

e Instruments of the Study: The instruments used 
to collect the data of this study was Students ques- 
tionnaire beside the observation to the students per- 
formance and interaction.The questionnaire includes 
the questions regarding whether the use of whatsapp 
helped to improve the reading skills, writing skills 
,listening skills, vocabulary,overcome fear to use En- 
glish language. Regarding the finding above we can 
say there was clear development in the performance 
of the students and students have shown very good 
communication skills. 


2) Advantages of Using WhatsApp 


e WhatsApp was alternative to virtual classes that helps 
absent students to catch up. 

e Whats app answers students questions, and helps 
to increase students feeling of security since they 
always have their instructor around. 

e It helps to facilitate students discussion, and helps 
students overcome their fear of using the language. 

e It helps the students to develop their writing. 

e It enables the students to learn from their colleagues 
mistakes. 

e It helps the students to believe in their abilities and 
to have confidence. 

e It develops writing skill and increase students moti- 
vation towards learning. 


3) Disadvantages of Using WhatsApp 


e Preparing material needs time and experience about 
software that support the Apps. 

e Students are not fixed to the agreed time, and they 
send messages in any time even if it is late night. 

e Some students dont participate in discussion. 

e Students attention cant be assured, that not all stu- 
dents learn from the materials. 

e .Some students just copy and paste. 

e Instructor must be always cautious and patient to 
control the group. 


D. Integrating WhatsApp in the Educational System and 
Academia 


Following the incessant use of this app, it is evident that it 
too has entered the educational system and academia. Previous 
studies have found that class WhatsApp groups are used for 
communicating with students, nurturing a social atmosphere 
in class, forming a dialogue and collaboration between the 
students, and as a means of learning. Another benefit of this 
app is the possibility it gives the teacher to become more 
familiar with the students and to influence student discourse. 
Moreover,WhatsApp has academic benefits evident in the 
availability of the teacher, learning that continues outside the 
classroom, and rapid access to study materials. 


E. Use of WhatsApp Groups, Student Achievements and Sat- 
isfaction 


Use of WhatsApp groups expands the interpersonal 
instructor-student communication and enables availability for 
questions, scheduling meetings and consultations, thus creat- 
ing an administrative benefit that contributes to comfortable 
conduct within the group. 


F. Effectivity of E-Learning through Whatsapp 


Constant availability of facilitator and learning anytime 
anywhere has made WhatsApp a new and convenient tool 
for teaching learning activity. Though there is no significant 
difference between gain of knowledge from WhatsApp or 
didactic lectures, advantages (technical, educational or instruc- 
tional) out pars the disadvantages. A few disadvantages, like 
message flooding and eyestrain can be overruled by making 
small groups and using mobiles with bigger screen. Enabling 
a Wi-Fi in the college campus can make its use cost effective. 


III. ANALYSIS OF WHATSAPP PRIVACY 


Status is part of the user profile stored in the WhatsApp 
database, both on the WhatsApp server and on the user’s 
device. Each user is able to view the content of users who 
have stored their contact lists. Each time that the user is online, 
the WhatsApp database is also updated on the device. If any 
of the users (stored in the contact list) have changed their 
status content, these changes are updated in the WhatsApp 
database on the device (wa.db). Most of the files generated 
by WhatsApp Messenger and wa.db are stored in an area of 
the internal device memory, which is normally inaccessible to 
users. In this study, we use the method proposed by Anglano to 
access the WhatsApp database that contains the user’s status. 
This method is based on the YouWave emulator. For each 
access to the status content, we parse the file implementing 
the corresponding internal memory and extract the files corre- 
sponding to wa.db where WhatsApp Messenger stores the data 
related to the status and user profile. After accessing wa.db, 
we obtain the wa_contacts table using SQLite version 3. In 
this table, each user status is saved in its relevant status field. 


A. The process of status polarity computing 


Every word, sentence, or phrase used by users in their status 
content can spread a positive, negative, or neutral feeling, 
which we call polarity in this study. Polarity calculation is 
based on the semantic/emotional load of the words forming the 
status contents. Based on the language of the sentence,(either 
English or Persian) one of the tagging tools is used. In 
particular, here, we use Natural Language Processing for 
English sentences and the Persian part-of-speech tagge for 
Persian sentences. The result of this step is the determination 
of the role of words in grammatical terms. This operation is 
referred to as Tokenization, and each word is considered as a 
token. 
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B. Managing permissions 


Ideally a user should be able to post information to an 
online community and be assured that her information will 
only be shared with those people whom she wished to share 
with. Studies on Online Social Networks (OSN) have observed 
a lack of awareness about privacy settings among Facebook 
users. While some users were not aware of Facebook privacy 
settings, others did not know where the privacy settings were 
located, or that they existed at all. 


C. Privacy in Instant Messaging (IM) 


IM users have three main points of privacy concern: privacy 
from non-contacts, privacy regarding availability, and privacy 
regarding the content of IM communication. The majority 
of people are concerned about the types of information dis- 
played to people outside their intended audience. Online social 
networks such as Facebook have endeavored to address these 
concerns by providing privacy controls to end users that, 
enabling them to control who can see what information. 


D. WhatsApp privacy and security 


Security and privacy have been an ongoing issue for What- 
sApp with several researchers identifying security issues In 
2013 the Office of the Privacy Commissioner of Canada 
(OPC) determined that WhatsApp was breaching privacy laws. 
Although WhatsApp worked on some of these violations 
(e.g. messages encryption, sharing of status messages and 
presence), some are still in existence. 


E. Culture and privacy 


User privacy preferences and behaviors may vary depending 
on, for example, gender, culture, region or religion. In their 
research, Zakaria, Stanton, & Sarkar-Barney illustrated that 
cultural values play an important role in how people manage 
privacy issues. They depended on the culture values framework 
developed by Halls to discuss the differences between low- 
context cultures (e.g. United States, Germen, and English) and 
high-context cultures (e.g. Arab, Indian, Spanish, and Asian) 
and how these differences could relate to privacy. 


IV. CONCLUSION 


Privacy concerns play an important role at the onset of 
relationships between participants. The aim of this study has 
been to investigate aspects of privacy concerns from the use of 
status, sharing, and deduction of information from this section 
of WhatsApp. If we consider the user’s approach to status 
from the 2 perspectives, the willingness to use and the no 
willingness to use, then 74% of the users have been seeking 
to use the status. 

High infiltration of Smartphones has initiated growing use 
of WhatsApp for groups of teachers and their students to 
support the learning process by allowing direct access to lots of 
online resources. Combination of medium like videos, pictures 
and voice notes along with constant availability of facilitator 
and learning anytime anywhere, has made WhatsApp a new 
and convenient tool for teaching learning activity. Though 


there is no significant difference between gain of knowledge 
from WhatsApp or didactic lectures, advantages (technical, 
educational or instructional) out pars the disadvantages. A 
few disadvantages, like message flooding and eyestrain can 
be overruled by making small groups and using mobiles with 
bigger screen. Enabling a Wi-Fi in the college campus can 
make its use cost effective. 
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